[ANNOUNCE] Apache POI 3.5 Released
http://poi.apache.org/
JVNDB-2009-002039 Vulnerability in cURL and libcurl allowing spoofing of arbitrary SSL servers
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002039.html
JVNDB-2009-002038 Vulnerability in WebKit in Apple Safari allowing spoofing of the domain name in a URL
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002038.html
JVNDB-2009-002037 Vulnerability in WebKit in Apple Safari allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002037.html
JVNDB-2009-002036 Buffer overflow vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002036.html
JVNDB-2009-002035 Vulnerability in Apple Safari allowing arbitrary websites to be displayed in Top Sites
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002035.html
JVNDB-2009-002034 Integer overflow vulnerability in Apple CoreGraphics
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002034.html
JVNDB-2009-001911 Issue allowing authentication bypass in XML signature verification
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001911.html
JVNDB-2009-001874 Denial-of-service (DoS) vulnerability in the OpenSSL dtls1_retrieve_buffered_fragment function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001874.html
JVNDB-2009-001873 Denial-of-service (DoS) vulnerability in the OpenSSL dtls1_process_out_of_seq_message function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001873.html
JVNDB-2009-001872 Denial-of-service (DoS) vulnerability in the OpenSSL dtls1_buffer_record function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001872.html
JVNDB-2009-001569 Denial-of-service (DoS) vulnerability in OpenSSL
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001569.html
JVNDB-2009-001535 Symbolic link attack vulnerability in Red Hat Cluster Project
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001535.html
JVNDB-2009-001151 Denial-of-service (DoS) vulnerability in the OpenSSL ASN1_STRING_print_ex function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001151.html
JVNDB-2008-001963 Possible leakage of some data in SSH communications
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001963.html
JVNDB-2007-001166 Privilege check bypass vulnerability in MySQL MyISAM tables
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001166.html
JVNDB-2009-002033 Arbitrary code execution vulnerability in the Microsoft Windows Telnet service
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002033.html
JVNDB-2009-002032 Privilege escalation vulnerability in the Microsoft Windows Workstation service
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002032.html
JVNDB-2009-002031 Privilege escalation vulnerability in the Microsoft Windows Message Queuing (MSMQ) service
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002031.html
JVNDB-2009-002030 Denial-of-service (DoS) vulnerability in ASP.NET in Microsoft .NET Framework
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002030.html
JVNDB-2009-001845 Vulnerability in the Apache APR-util apr_brigade_vprintf function allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001845.html
JVNDB-2009-001844 Denial-of-service (DoS) vulnerability in the Apache APR-util XML parser
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001844.html
JVNDB-2009-001843 Denial-of-service (DoS) vulnerability in the Apache APR-util apr_strmatch_precompile function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001843.html
HPSBGN02441 SSRT090082 rev.1 - Procurve Identity Driven Manager (IDM) Running on Microsoft IAS or NPS, Local Unauthorized Access
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c01885084-1
HPSBMA02416 SSRT090008 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c01885083-1
HPSBUX02457 SSRT090174 rev.1 - HP-UX Running Role-Based Access Control (RBAC), Local Unauthorized Access
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=ja_JP&docId=emr_na-c01885185-1
HPSBMA02461 SSRT090187 rev.1 - HP Remote Graphics Software (RGS) Sender, Remote Unauthorized Access
http://www13.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01859457-1
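Three management tools for fraudulently transferring money emerge, RSA Security reports
http://itpro.nikkeibp.co.jp/article/NEWS/20090929/337930/?ST=security
McAfee and Adobe form strategic alliance on enterprise data leak prevention/DRM solutions
http://itpro.nikkeibp.co.jp/article/NEWS/20090929/338002/?ST=security
Microsoft to begin offering free security software soon
http://itpro.nikkeibp.co.jp/article/NEWS/20090929/337924/?ST=security
"Beware of document files attached to e-mail": risk of virus infection just by opening them
McAfee (US) issues warning on targeted attacks exploiting office software vulnerabilities
http://itpro.nikkeibp.co.jp/article/NEWS/20090929/337965/?ST=security
Ashisuto begins selling an acceleration solution for "large-volume data access"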
http://www.sybase.jp/detail?id=1065776
HP Remote Graphics Software Bug in Sender Lets Remote Authenticated Users Access the System
http://securitytracker.com/alerts/2009/Sep/1022954.html
SAP GUI ActiveX Control Insecure Methods Let Remote Users Overwrite Files on the Target User's System
http://securitytracker.com/alerts/2009/Sep/1022953.html
Lotus Quickr Input Validation Flaw in Document Properties Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2009/Sep/1022952.html
Blackberry OS NULL Character Flaw in Common Name Field Lets Remote Users Spoof Certificates
http://securitytracker.com/alerts/2009/Sep/1022951.html
Xen PyGrub Access Control Flaw Lets Local Users Modify the Boot Configuration
http://securitytracker.com/alerts/2009/Sep/1022950.html
+ Suhosin Patch 0.9.8 released
http://www.hardened-php.net/suhosin/download.html
+ RHSA-2009:1463-1: Moderate: newt security update
http://rhn.redhat.com/errata/RHSA-2009-1463.html
Linux kernel: next-20090928
http://git.kernel.org/?p=linux/kernel/git/next/linux-next.git;a=summary
Kernel release: 2.6.32-rc2
http://www.linux.org/news/2009/09/27/0001.html
Rakudo Perl 6 development release #21
http://use.perl.org/article.pl?sid=09/09/18/1537230&from=rss
Debian : New horde3 packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30487
Debian : New Shibboleth 1.x packages fix potential code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30488
MajorSecurity : PHP <=5.3 - mysqli_real_escape_string() full path disclosure
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30482
Ubuntu Security Notice : Dovecot vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30489
Cross-Site Scripting vulnerability in eCaptcha
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-09/msg00242.html
[security bulletin] HPSBMA02461 SSRT090187 rev.1 - HP Remote Graphics Software (RGS) Sender, Rem
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-09/msg00241.html
Local privilege escalation vulnerability in Trustport security software
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-09/msg00237.html
[USN-838-1] Dovecot vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-09/msg00234.html
[SECURITY] [DSA 1897-1] New horde3 packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-09/msg00231.html
(edited) [DSECRG-09-044] SAP GUI 7.1 Insecure Methods
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-09/msg00229.html
[DSECRG-09-043] SAP GUI 7.1 Insecure Method
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-09/msg00235.html
[MajorSecurity Advisory #59] PHP <=5.3 - mysqli_real_escape_string() full path disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-09/msg00230.html
[SECURITY] [DSA 1896-1] New Shibboleth 1.x packages fix potential code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-09/msg00239.html
[MajorSecurity Advisory #57] PHP <=5.3 - preg_match() full path disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-09/msg00232.html
Fedora update for asterisk
http://secunia.com/advisories/36903/
IBM Lotus Quickr Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/36899/
Merkaartor Insecure Log File Creation Security Issue
http://secunia.com/advisories/36897/
Joomla iCRM Basic Component Multiple Vulnerabilities
http://secunia.com/advisories/36892/
Fedora update for asterisk
http://secunia.com/advisories/36889/
Fedora update for gnutls
http://secunia.com/advisories/36886/
Fedora update for backintime
http://secunia.com/advisories/36885/
Fedora update for newt
http://secunia.com/advisories/36883/
Debian update for horde3
http://secunia.com/advisories/36882/
SAP GUI WebViewer2D / WebViewer3D ActiveX Controls Insecure Methods
http://secunia.com/advisories/36881/
Cisco ACE XML Gateway / Web Application Firewall Internal IP Address Disclosure
http://secunia.com/advisories/36879/
Gentoo update for curl
http://secunia.com/advisories/36877/
Debian update for opensaml and shibboleth-sp
http://secunia.com/advisories/36876/
BlackBerry Devices Insufficient Certificate Warning Security Issue
http://secunia.com/advisories/36875/
CuteFTP Site Label Parsing Memory Corruption Vulnerability
http://secunia.com/advisories/36874/
Core FTP Hostname Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/36872/
Drupal Bibliography Module Script Insertion Vulnerability
http://secunia.com/advisories/36834/
CMScontrol "id_menu" SQL Injection Vulnerability
http://secunia.com/advisories/36814/
IBM Lotus Quickr Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2009/2779
Cisco ACE XML Gateway and WAF Information Disclosure Issue
http://www.vupen.com/english/advisories/2009/2778
OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
http://www.securityfocus.com/bid/33150
e107 'CAPTCHA' Security Bypass Vulnerability and Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/36532
e107 eCaptcha Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36535
TCP/IP Protocol Stack Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/31545
iCRM Basic Joomla! Component Security Bypass and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/36533
SAP AG SAPgui EAI WebViewer3D ActiveX Control Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34310
Computer Associates Multiple Products Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/24330
Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
http://www.securityfocus.com/bid/32582
Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36377
Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/31587
Merkaartor Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/36529
HP Remote Graphics Software (RGS) Sender Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/36534
FlexCell Grid Control (ActiveX) Multiple Arbitrary File Overwrite Vulnerabilities
http://www.securityfocus.com/bid/33453
Joomla! Game Server Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36213
Links SSL Certificate Verification Security Weakness
http://www.securityfocus.com/bid/33108
Multiple Horde Products Cross-Site Scripting Vulnerabilities and File Overwrite Vulnerability
http://www.securityfocus.com/bid/36382
OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35417
Newt Text Box Content Processing Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36515
PHP 5.2.10 and Prior Versions Multiple Vulnerabilities
http://www.securityfocus.com/bid/36449
Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36097
GNOME GLib Symbolic Link Arbitrary File Access Vulnerability
http://www.securityfocus.com/bid/36313
Wireshark 1.2.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36408
Mozilla Firefox MFSA 2009-47, -48, -49, -50, -51 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36343
FFmpeg 'vmd_read_header()' VMD File Integer Overflow Vulnerability
http://www.securityfocus.com/bid/36419
BlackBerry Device Software Browser Dialog Box Certificate Mismatch Weakness
http://www.securityfocus.com/bid/36528
VLC Media Player Multiple Remote Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36439
OpenSAML 'use' Key Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/36516
OpenSAML URI Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36514
IBM Lotus Quickr Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/36527
Linux Kernel KVM 'kvm_emulate_hypercall()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36512
Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36299