Thursday, November 5, 2009

Thursday the 5th, senbu (rokuyō)

Reported status of computer viruses and unauthorized access [October] (IPA)
http://www.ipa.go.jp/security/txt/2009/11outline.html

JPCERT/CC WEEKLY REPORT 2009-11-05
http://www.jpcert.or.jp/wr/2009/wr094201.html

JVNDB-2009-002184 Denial of service (DoS) vulnerability in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002184.html

JVNDB-2009-002183 Vulnerability in IBM WebSphere Application Server allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002183.html

JVNDB-2009-002182 Cross-site scripting vulnerability in Eclipse Help in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002182.html

JVNDB-2009-002181 Access restriction bypass vulnerability in RBAC in HP HP-UX
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002181.html

JVNDB-2009-002180 Denial of service (DoS) vulnerability in the popen API function in PHP
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002180.html

JVNDB-2009-002179 Vulnerability in exif checking in PHP
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002179.html

JVNDB-2009-002178 Vulnerability in certificate verification in the php_openssl_apply_verification_policy function in PHP
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002178.html

JVNDB-2009-002177 Vulnerability in color index handling in the imagecolortransparent function in PHP
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002177.html

JVNDB-2009-001734 Integer overflow vulnerability in the pdftops filter in CUPS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001734.html

JVNDB-2009-001269 Integer overflow vulnerability related to SplashBitmap in the JBIG2 decoder
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001269.html

JVNDB-2008-002148 Denial of service (DoS) vulnerability related to RSA public keys in Java Runtime Environment (JRE)
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002148.html

Asterisk Access Control Flaws Permit Cross-Site AJAX Attacks
http://securitytracker.com/alerts/2009/Nov/1023134.html

Asterisk Discloses Valid Usernames to Remote Users in Response to Specially Crafted REGISTER Messages
http://securitytracker.com/alerts/2009/Nov/1023133.html

APSB09-16: Security updates available for Shockwave Player
http://www.adobe.com/support/security/bulletins/apsb09-16.html

+ A Security Vulnerability in the Java Runtime Environment With Verifying HMAC Digests may Allow Authentication to be Bypassed
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270475-1

+ Buffer and Integer Overflow Vulnerabilities in the Java Runtime Environment With Processing Audio and Image Files May Allow Privileges to be Escalated
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1
http://www.vupen.com/english/advisories/2009/3131
http://securitytracker.com/alerts/2009/Nov/1023132.html

+ The Java Update Mechanism on Non-English Versions Does Not Update the JRE When a New Version is Available
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269868-1

+ Two Security Vulnerabilities in the Java Runtime Environment With Decoding DER Encoded Data and Parsing HTTP Headers may Result in a Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1

+ Command Execution Vulnerability in the Java Runtime Environment Deployment Toolkit May be Leveraged to Execute Arbitrary Code
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269869-1

+ Security Vulnerability in the Java Web Start Installer May be Leveraged to Allow Untrusted Java Web Start Application to Run As Trusted Application
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269870-1

+ cURL 7.19.7 released
http://curl.haxx.se/download.html
http://curl.haxx.se/changes.html

ISC BIND 9.7.0b2 is now available
ftp://ftp.isc.org/isc/bind9/9.7.0b2/bind-9.7.0b2.tar.gz

A Security Vulnerability in Sun Virtual Desktop Infrastructure (VDI) Software 3.0 may Lead to Unauthorized Access to the VirtualBox Web Service
http://sunsolve.sun.com/search/document.do?assetkey=1-66-268328-1

Linux Kernel release: 2.6.32-rc6
http://www.linux.org/news/2009/11/04/0001.html

Postfix 2.7-20091104-nonprod non-production release
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.7-20091104-nonprod.HISTORY

Timekeeping best practices for Linux guests
http://kb.vmware.com/selfservice/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=1006427&sliceId=1&docTypeID=DT_KB_1_1

Independent Researcher : Bractus SunTrack Multiple XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30805

Independent Researcher : e-Courier Tracking Site Multiple Script UserGUID Parameter XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30806

Independent Researcher : Apple ptrace panic PoC - R.I.P str0ke
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30807

Secunia : IBM Tivoli Storage Manager CAD Service Buffer Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30808

SuSE : Mozilla Firefox
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30797

SuSE : IBM Java 6
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30798

Independent Researcher : Wowd_search_client_multiple_variable_xss
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30809

Independent Researcher : New vulnerability in Xerox Fiery Webtools
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30810

Mandriva : wireshark
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30795

Mandriva : squidGuard
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30796

Red Hat : Important: kernel-rt security, bug fix, and enhancement update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30799

Red Hat : Important: kernel security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30800

Red Hat : Important: kernel security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30801

Red Hat : Moderate: wget security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30802

Red Hat : Important: kernel security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=30803

"Game virus" appears that deletes a file every time you shoot down an enemy plane
Reported by Symantec (US); Mac OS X users are the target
http://itpro.nikkeibp.co.jp/article/NEWS/20091105/340069/?ST=security

"More than half of users don't know what 'fake software' is," IPA survey finds
Fewer than half are careful about passwords; 35% reuse them
http://itpro.nikkeibp.co.jp/article/NEWS/20091105/340079/?ST=security

JVNVU#943657 Denial of service (DoS) vulnerability in multiple TCP implementations
http://jvn.jp/cert/JVNVU943657/

Context IS Advisory - Autocomplete Data Theft in Mozilla Firefox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00033.html

[security bulletin] HPSBUX02355 SSRT080023 rev.2 - HP-UX Using libc, Remote Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00029.html

Secunia Research: IBM Tivoli Storage Manager CAD Service Buffer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00023.html

VUPEN Security - Adobe Shockwave Player Multiple Code Execution Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00031.html

Bractus SunTrack Multiple XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2009-11/msg00024.html

SUSE update for MozillaFirefox
http://secunia.com/advisories/37257/

Fedora update for wireshark
http://secunia.com/advisories/37254/

Red Hat update for kernel
http://secunia.com/advisories/37252/

Red Hat update for kernel-rt
http://secunia.com/advisories/37251/

Sun Solaris PostgreSQL Privilege Escalation and Denial of Service
http://secunia.com/advisories/37250/

Sun Solaris Sockets Direct Protocol Driver Denial of Service
http://secunia.com/advisories/37249/

Sun Solaris XScreenSaver Pop-up Windows Security Bypass
http://secunia.com/advisories/37248/

Sun Solaris Adobe Reader Multiple Vulnerabilities
http://secunia.com/advisories/37247/

Sun Solaris FreeType Multiple Vulnerabilities
http://secunia.com/advisories/37246/

Fedora update for PyXML
http://secunia.com/advisories/37245/

BlackBerry Desktop Software Lotus Notes Intellisync Arbitrary Code Execution
http://secunia.com/advisories/37244/

Red Hat update for kernel
http://secunia.com/advisories/37243/

e-Courier CMS "UserGUID" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/37240/

Shibboleth Identity / Service Provider Cross-Site Scripting and Script Insertion
http://secunia.com/advisories/37237/

Hitachi Cosminexus XML Processor Denial of Service Vulnerability
http://secunia.com/advisories/37236/

RoundCube Webmail Cross-Site Request Forgery Vulnerabilities
http://secunia.com/advisories/37235/

Fedora update for expat
http://secunia.com/advisories/37234/

Linux Kernel "fs/pipe.c" Locking Error NULL Pointer Dereference
http://secunia.com/advisories/37233/

Sun Java JDK / JRE Multiple Vulnerabilities
http://secunia.com/advisories/37231/

Remote Files Insecure Default Directory Permissions
http://secunia.com/advisories/37227/

Fedora update for squidGuard
http://secunia.com/advisories/37226/

Sun Solaris Trusted Extensions XScreenSaver Security Bypass
http://secunia.com/advisories/37224/

Red Hat update for kernel
http://secunia.com/advisories/37223/

Fedora update for mimetex
http://secunia.com/advisories/37216/

Red Hat update for wget
http://secunia.com/advisories/37215/

Adobe Shockwave Player Multiple Vulnerabilities
http://secunia.com/advisories/37214/

Fedora update for xulrunner
http://secunia.com/advisories/37213/

Fedora update for firefox
http://secunia.com/advisories/37212/

SafeNet SoftRemote Policy File Buffer Overflow Vulnerability
http://secunia.com/advisories/37207/

IBM Tivoli Storage Manager Client Multiple Vulnerabilities
http://secunia.com/advisories/32534/

Solaris Trusted Extensions May Prevent XScreenSaver Screen From Locking
http://securitytracker.com/alerts/2009/Nov/1023127.html

XScreenSaver May Allow Pop-up Windows to Bypass the Screen Saver When Accessibility is Enabled
http://securitytracker.com/alerts/2009/Nov/1023126.html

Novell eDirectory LDAP Null Base DN DoS Vulnerability
http://www.securiteam.com/unixfocus/6R00415Q0A.html

HP-UX Using libc DoS Vulnerability
http://www.securiteam.com/unixfocus/6Q00315Q0Q.html

Adobe Shockwave Player Multiple Code Execution Vulnerabilities
http://www.securiteam.com/unixfocus/6P00215Q0Q.html

IBM Tivoli Storage Manager CAD Service Buffer Overflow
http://www.securiteam.com/unixfocus/6O00115Q0A.html

Skeletons in Hyderabad's cyber-closet - PART ONE?
http://www.zone-h.org/news/id/4720

Linux Kernel "fs/pipe.c" NULL Pointer Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2009/3136

Hitachi Cosminexus XML Processor Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3135

Adobe Shockwave Player Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2009/3134

BlackBerry Desktop Software Lotus Notes Intellisync Vulnerability
http://www.vupen.com/english/advisories/2009/3133

IBM Tivoli Storage Manager Client Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2009/3132

Sun Java Multiple Code Execution and Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2009/3131

Sun Solaris Sockets Direct Protocol Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2009/3130

Roundcube Webmail index.PHP Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/21042

Sun Java SE November 2009 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36881

TYPO3 Core Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36801

Mozilla Firefox Form History Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36853

Drupal S5 Presentation Player Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/36923

Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958

Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/32608

Roundcube Webmail Background Attributes Email Message HTML Injection Vulnerability
http://www.securityfocus.com/bid/33372

Roundcube Webmail CSS Expression Input Validation Vulnerability
http://www.securityfocus.com/bid/26800

Drupal User Protect Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/36922

Roundcube Webmail Multiple Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/36920

Mozilla Firefox CVE-2009-3380 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36871

Mozilla Firefox CVE-2009-3379 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36875

Mozilla Firefox CVE-2009-3377 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36872

Mozilla Firefox CVE-2009-3378 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36873

Mozilla Firefox CVE-2009-3381 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36870

Mozilla Firefox CVE-2009-3383 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36869

Mozilla Firefox XPCOM Utility Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36857

Mozilla Firefox and SeaMonkey Proxy Auto-Configuration File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36856

Mozilla Firefox CVE-2009-3382 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36866

Mozilla Firefox Download Manager World Writable File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36852

Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability
http://www.securityfocus.com/bid/36867

Mozilla Firefox and SeaMonkey 'libpr0n' GIF Parser Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36855

Mozilla Firefox 'document.getSelect' Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36858

Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
http://www.securityfocus.com/bid/36851

Mozilla Firefox JavaScript Web-Workers Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36854

Sun Java Runtime Environment Proxy Mechanism Implementation Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/35943

Sun Java Runtime Environment Unpack200 JAR Unpacking Utility Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35944

Sun Java Runtime Environment Audio System Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35939

Sun Java Runtime Environment JPEG Image Handling Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35942

Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36901

JNLPAppletLauncher Arbitrary File Creation Vulnerability
http://www.securityfocus.com/bid/35946

IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35671

Sun Virtual Desktop Infrastructure Authentication Mechanism Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/36917

Adobe Shockwave Player Multiple Remote Code Execution and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/36905

Microsoft GDI+ TIFF File Processing 'BitsPerSample' Tag Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36646

Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35828

Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36097

squidGuard Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/36800

Best Practical Solutions RT 'Custom Field' HTML Injection Vulnerability
http://www.securityfocus.com/bid/36417

mimeTeX Multiple Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36631

mimeTeX Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/36632

Wireshark 1.2.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36408

Wireshark 1.2.2 and 1.0.9 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36846

Wireshark 1.2.0 Multiple Vulnerabilities
http://www.securityfocus.com/bid/35748

SafeNet SoftRemote Policy File Handling Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36907

IBM Tivoli Storage Manager Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/36916

Hitachi Cosminexus XML Processor Denial of Service Vulnerability
http://www.securityfocus.com/bid/36913

Apple Mac OS X 'ptrace' Mutex Handling Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36915

BlackBerry Desktop Manager ActiveX Control Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36903

Sun Solaris XScreenSaver Popup Windows Security Bypass Vulnerability
http://www.securityfocus.com/bid/36910

Linux Kernel 'PER_CLEAR_ON_SETID' Incomplete Personality List Access Validation Weakness
http://www.securityfocus.com/bid/35647

Linux Kernel '__scm_destroy()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/32154

Linux Kernel 'e1000/e1000_main.c' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/35185

Linux Kernel 'clear_child_tid()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/35930

Linux Kernel Multiple Protocols Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/36176

Linux Kernel 'sendmsg()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/32516

Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/34405

Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36827

Linux Kernel 2.4 and 2.6 Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/36304

Linux Kernel with SELinux 'mmap_min_addr' Low Memory NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36051

Linux Kernel 64-bit Kernel Register Memory Leak Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36576

IBM PowerHA Cluster Management Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/36931

Drupal Zoomify Module 'node title' HTML Injection Vulnerability
http://www.securityfocus.com/bid/36930

Drupal Organic Groups Vocabulary Group Title HTML Injection Vulnerability
http://www.securityfocus.com/bid/36929

Drupal Link Module 'Link Title' HTML Injection Vulnerability
http://www.securityfocus.com/bid/36928

Drupal NGP COO/CWP Integration Module Security Bypass and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/36927

Prototype JavaScript Framework Cross-Site Ajax Request Vulnerability
http://www.securityfocus.com/bid/36926

Drupal Smartqueue OG Confirmation Message Security Bypass Vulnerability
http://www.securityfocus.com/bid/36925

Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36924
