VMSA-2009-0015: VMware hosted products and ESX patches resolve two security issues
http://www.vmware.com/security/advisories/VMSA-2009-0015.html
Installing the Performance Overview Plug-In in VirtualCenter 2.5 Update 4 and above
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1008296&sliceId=1&docTypeID=DT_KB_1_1
Alert regarding the spread of malware infections via websites
http://www.jpcert.or.jp/at/2009/at090023.txt
JPCERT/CC WEEKLY REPORT 2009-10-28
http://www.jpcert.or.jp/wr/2009/wr094101.html
JVN#13011682 Denial-of-service (DoS) vulnerability in SEIL/X series and SEIL/B1
http://jvn.jp/jp/JVN13011682/index.html
JVN#06362164 Buffer overflow vulnerability in SEIL/X series and SEIL/B1
http://jvn.jp/jp/JVN06362164/index.html
JVNDB-2009-000070 Denial-of-service (DoS) vulnerability in SEIL/X series and SEIL/B1
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000070.html
JVNDB-2009-000069 Buffer overflow vulnerability in SEIL/X series and SEIL/B1
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000069.html
JVNDB-2009-002155 Buffer overflow vulnerability in Apple iTunes
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002155.html
JVNDB-2009-002154 Privilege escalation vulnerability in the PostgreSQL core server component
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002154.html
JVNDB-2009-002153 Denial-of-service (DoS) vulnerability in FreeRADIUS in the handling of Tunnel-Password attribute values
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002153.html
JVNDB-2009-002152 Buffer underrun vulnerability in Nginx ngx_http_parse_complex_uri()
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002152.html
JVNDB-2009-002151 Privilege escalation vulnerability in the Linux kernel z90crypt driver
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002151.html
Sniffing SSL: RFC 4366 and TLS Extensions
http://isc.sans.org/diary.html?storyid=7477
Mozilla Firefox Lets Local Users Modify Downloaded Files in Certain Cases
http://securitytracker.com/alerts/2009/Oct/1023096.html
Cherokee Web Server GET AUX Request Lets Remote Users Deny Service
http://securitytracker.com/alerts/2009/Oct/1023095.html
Mozilla Firefox May Disclose Form History to Remote Users
http://securitytracker.com/alerts/2009/Oct/1023094.html
Mozilla Firefox Media Libraries Contain Flaws That Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Oct/1023091.html
Mozilla Firefox Bugs in JavaScript Engine, Browser Engine, and Other Components Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2009/Oct/1023090.html
VMware ESX/ESXi Directory Traversal Flaw Lets Remote Users Obtain Arbitrary Files
http://securitytracker.com/alerts/2009/Oct/1023089.html
VMware Server Directory Traversal Flaw Lets Remote Users Obtain Arbitrary Files
http://securitytracker.com/alerts/2009/Oct/1023088.html
VMware ESX Page Fault Exception Handling Flaw Lets Local Users on a Guest OS Gain Elevated Privileges on the Guest OS
http://securitytracker.com/alerts/2009/Oct/1023083.html
VMware Page Fault Exception Handling Flaw Lets Local Users on a Guest OS Gain Elevated Privileges on the Guest OS
http://securitytracker.com/alerts/2009/Oct/1023082.html
Firefox 3.5.4 / 3.0.15 released
http://mozilla.jp/firefox/3.5.4/releasenotes/
http://mozilla.jp/firefox/3.0.15/releasenotes/
Mozilla SeaMonkey Code Execution and Spoofing Vulnerabilities
http://www.vupen.com/english/advisories/2009/3064
Mozilla Firefox Code Execution and Information Disclosure Vulnerabilities
http://www.vupen.com/english/advisories/2009/3063
VMware Directory Traversal and Privilege Escalation Vulnerabilities
http://www.vupen.com/english/advisories/2009/3062
Wireshark Multiple Protocol Dissector Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2009/3061
Adobe Reader and Acrobat (CVE-2009-2994) U3D 'CLODMeshDeclaration' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36689
+ Multiple Integer Overflow Vulnerabilities in the FreeType 2 Font Engine May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270268-1
+ Security Vulnerabilities in PostgreSQL Shipped with Solaris may Allow a Denial of Service (DoS) or Privilege Escalation
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1
http://www.securityfocus.com/bid/36314
+ A Security Weakness in Solaris Trusted Extensions May Facilitate Privilege Escalation
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270969-1
http://www.securityfocus.com/bid/36840
+ Security Vulnerability in Mozilla Thunderbird Related to SSL Certificates May Cause Arbitrary Code Execution
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269468-1
+ RHSA-2009:1528-1: Moderate: samba security and bug fix update
http://rhn.redhat.com/errata/RHSA-2009-1528.html
+ RHSA-2009:1529-1: Moderate: samba security update
http://rhn.redhat.com/errata/RHSA-2009-1529.html
+ [Security-announce] VMSA-2009-0015 VMware hosted products and ESX patches resolve two security issues
http://lists.vmware.com/pipermail/security-announce/2009/000069.html
http://www.securityfocus.com/bid/36841
+ Linux Kernel connector Security Bypass
http://secunia.com/advisories/37113/
http://www.vupen.com/english/advisories/2009/3050
http://www.securityfocus.com/bid/36834
+ OpenLDAP NULL Character Handling Certificate Spoofing Vulnerability
http://www.vupen.com/english/advisories/2009/3056
- Multiple Security Vulnerabilities in Adobe Reader for Solaris 10 May Allow Execution of Arbitrary Code or Cause Denial of Service (DoS) - Adobe Security Bulletin APSB09-15
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270669-1
SUN ALERT WEEKLY SUMMARY REPORT - Week of 18-Oct-2009 to 24-Oct-2009
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270929-1
Asterisk : ACL not respected on SIP INVITE
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30740
Debian : New nginx packages fix denial of service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30738
DSecRG : Oracle 10g CTXSYS.DRVXTABC - plsql injection
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30745
Independent Researcher : squidGuard 1.3 & 1.4 : buffer overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30739
Independent Researcher : Cherokee Web Server 0.5.4 Denial Of Service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30741
NGSSoftware : SharePoint 2007 ASP.NET Source Code Disclosure
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30744
RHBA-2009:1525-1: libuser bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1525.html
RHBA-2009:1527-1: nss_ldap bug fix update
http://rhn.redhat.com/errata/RHBA-2009-1527.html
RHSA-2009:1530-1: Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2009-1530.html
RHSA-2009:1531-1: Critical: seamonkey security update
http://rhn.redhat.com/errata/RHSA-2009-1531.html
{PRL} Rising Antivirus 2009 Privilege Escalation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00249.html
{PRL} Rising Firewall 2009 Privilege Escalation
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00247.html
Rising Multiple Products Local Privilege Escalation Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00246.html
Adobe Acrobat Reader up to 9.1.1 ONLY Linux integer overflow to heap overflow.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00248.html
Aruba Networks Advisory ID: AID-102609 - Malformed 802.11 Association Request frame causes
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-10/msg00258.html
Cyber Security Awareness Month - Day 27 - Active Directory Ports
http://isc.sans.org/diary.html?storyid=7468
New VMware Desktop Products Released (Workstation, Fusion, ACE)
http://isc.sans.org/diary.html?storyid=7471
VMware Security Advisory: VMSA-2009-0015
http://isc.sans.org/diary.html?storyid=7474
FURUKAWA ELECTRIC FITELnet-F Series IPv6 Neighbor Discovery Protocol Denial of Service
http://secunia.com/advisories/37171/
Yamaha RT Series Routers IPv6 Neighbor Discovery Protocol Denial of Service
http://secunia.com/advisories/37170/
Fedora update for systemtap
http://secunia.com/advisories/37167/
Fedora update for python-markdown2
http://secunia.com/advisories/37166/
Fedora update for jasper
http://secunia.com/advisories/37164/
Fedora update for kernel
http://secunia.com/advisories/37163/
Fedora update for wordpress
http://secunia.com/advisories/37162/
Fedora update for BackupPC
http://secunia.com/advisories/37161/
Fedora update for sahana
http://secunia.com/advisories/37160/
Fedora update for poppler
http://secunia.com/advisories/37159/
TFT Gallery "album" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37156/
Basic Analysis And Security Engine Multiple Vulnerabilities
http://secunia.com/advisories/37147/
python-markdown2 Script Insertion Vulnerabilities
http://secunia.com/advisories/37142/
Linux Kernel connector Security Bypass
http://secunia.com/advisories/37113/
Debian update for nginx
http://secunia.com/advisories/37110/
IBM Lotus Connections Mobile Activities Cross-Site Scripting
http://secunia.com/advisories/37106/
Aruba Mobility Controller 802.11 Association Request Denial of Service
http://secunia.com/advisories/37085/
Asterisk SIP INVITE ACL Security Bypass
http://secunia.com/advisories/37056/
Zone-H statement on security trainings offered by E2-labs.com
http://www.zone-h.org/news/id/4716
KDE Request Injection and Directory Traversal Vulnerabilities
http://www.vupen.com/english/advisories/2009/3060
Jetty Servlets Cross Site Scripting and Information Disclosure Issues
http://www.vupen.com/english/advisories/2009/3059
TFT Gallery "album" Parameter Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/3058
Novell eDirectory HTTP Request Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2009/3057
OpenLDAP NULL Character Handling Certificate Spoofing Vulnerability
http://www.vupen.com/english/advisories/2009/3056
Mutt SSL NULL Character Handling Certificate Spoofing Vulnerability
http://www.vupen.com/english/advisories/2009/3055
Basic Analysis and Security Engine Multiple Remote Vulnerabilities
http://www.vupen.com/english/advisories/2009/3054
FURUKAWA ELECTRIC FITELnet-F Series IPv6 DoS Vulnerability
http://www.vupen.com/english/advisories/2009/3053
Yamaha RT IPv6 Neighbor Discovery Protocol DoS Vulnerability
http://www.vupen.com/english/advisories/2009/3052
Aruba Networks ArubaOS 802.11 Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3051
Linux Kernel Connectors Multiple Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2009/3050
Asterisk SIP INVITE Handling ACL Check Bypass Vulnerability
http://www.vupen.com/english/advisories/2009/3049
IBM Lotus Connections Mobile Activities Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2009/3048
Python-markdown2 Image Reference and MD5 Script Injection Issues
http://www.vupen.com/english/advisories/2009/3041
Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36843
Sahana 'mod' Parameter Local File Disclosure Vulnerability
http://www.securityfocus.com/bid/36826
JasPer 1.900.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/31470
EMC RepliStor Server 'rep_serv.exe' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36738
TBmnetCMS 'content' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36733
Opial Multiple Vulnerabilities
http://www.securityfocus.com/bid/35641
VMware Products Page Fault Exception Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36841
VMware Products Directory Traversal Vulnerability
http://www.securityfocus.com/bid/36842
Cherokee Web Server Malformed Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36814
Linux Kernel eCryptfs 'parse_tag_11()' Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35851
Linux Kernel KVM 'kvm_emulate_hypercall()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36512
Linux Kernel 'PER_CLEAR_ON_SETID' Incomplete Personality List Access Validation Weakness
http://www.securityfocus.com/bid/35647
Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36639
eCryptfs 'parse_tag_3_packet()' Packet Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35850
Websense Email Security Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/36741
Websense Email Security and Email Manager 'STEMWADM.EXE' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36740
Asterisk Missing ACL Check Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/36821
Aruba Mobility Controller 802.11 Association Request Frame Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36832
Achievo 'debugger.php' Remote File Include Vulnerability
http://www.securityfocus.com/bid/36822
Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35888
Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35891
Computer Associates SiteMinder Web Agent Smpwservices.FCC Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/26375
Sun Solaris Trusted Extensions Policy Configuration Remote Privilege Escalation Weakness
http://www.securityfocus.com/bid/36840
Linux Kernel r128 Driver CCE Initialization NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/36824
Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36723
Gpg4win Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36811
Smarty Template Engine 'Smarty_Compiler.class.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/31862
FreeType Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34550
Smarty Template Engine 'function.math.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/34918
Bftpd Unspecified Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36820
RunCMS 'forum' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36816
SystemTap Unprivileged Mode Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/36778
RunCMS 'pid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/36825
Perl UTF-8 Regular Expression Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36812
PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36314
Samba Format String And Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/35472
Samba Oplock Break Notification Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36573
Samba Misconfigured '/etc/passwd' File Security Bypass Vulnerability
http://www.securityfocus.com/bid/36363
Samba setuid 'mount.cifs' Verbose Option Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36572
Adobe Reader and Acrobat (CVE-2009-2994) U3D 'CLODMeshDeclaration' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36689
Linux Kernel Netlink Packets Security Bypass Vulnerability
http://www.securityfocus.com/bid/36834
Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703
Multiple Vendors IPv6 Implementation Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36835
IBM Lotus Connections Mobile Activities Pages Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36831
Poppler 'create_surface_from_thumbnail_data()' Integer Overflow Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36718
BackupPC 'ClientNameAlias()' Security Bypass Vulnerability
http://www.securityfocus.com/bid/36575
Linux Kernel AppleTalk Driver IP Over DDP Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36379
Linux Kernel 'kernel/signal.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35929
Linux Kernel 'net/ax25/af_ax25.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36635
Linux Kernel 64-bit Kernel Register Memory Leak Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36576
KDE Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/36845
nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36839
Multiple Rising Products Insecure Program File Permissions Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36836
python-markdown2 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36829