Linux Kernel release: 2.6.33-rc4
http://www.linux.org/news/2010/01/13/0001.html
Virus Buster Corporate Edition 10.0 Critical Patch (Build 1274) release notice
http://www.trendmicro.co.jp/support/news.asp?id=1350
About the Adobe Reader and Acrobat vulnerability (APSB10-02)
http://www.ipa.go.jp/security/ciadr/vul/20100113-adobe.html
To website administrators: Alert regarding website tampering
To general users: Alert regarding virus infection from tampered websites
http://www.ipa.go.jp/security/topics/20091224.html
Critical Infrastructure Information Security Forum 2010
http://www.ipa.go.jp/security/event/2009/infra-sem/index.html
Alert regarding vulnerabilities in Adobe Reader and Acrobat
http://www.jpcert.or.jp/at/2010/at100003.txt
Alert regarding an unpatched vulnerability in Adobe Reader and Acrobat
http://www.jpcert.or.jp/at/2009/at090027.txt
Alert regarding website tampering and the spread of so-called Gumblar virus infections
http://www.jpcert.or.jp/at/2010/at100001.txt
Alert regarding the January 2010 Microsoft Security Bulletin (1 Critical)
http://www.jpcert.or.jp/at/2010/at100002.txt
JVNTA10-012B Vulnerabilities in the EOT font engine in Microsoft Windows and in Adobe Flash Player 6
http://jvn.jp/cert/JVNTA10-012B/index.html
JVNTA10-012A Updates for multiple vulnerabilities in Oracle products
http://jvn.jp/cert/JVNTA10-012A/index.html
JVNDB-2009-002405 Vulnerability in the PHP proc_open function allowing programs to be executed in an arbitrary environment
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002405.html
JVNDB-2009-002404 Denial-of-service (DoS) vulnerability in PHP's handling of multipart/form-data POST requests
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002404.html
JVNDB-2009-002403 Vulnerability in the PHP posix_mkfifo function allowing open_basedir restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002403.html
JVNDB-2009-002402 Vulnerability in the PHP tempnam function allowing safe_mode restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002402.html
PUBLIC ADVISORY: 01.13.10: Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=836
Google's response to being attacked by China
http://isc.sans.org/diary.html?storyid=7969
Vulnerability Note VU#773545: NOS Microsystems Adobe getPlus Helper ActiveX control stack buffer overflows
http://www.kb.cert.org/vuls/id/773545
Adobe Acrobat and Adobe Reader Flaws Lets Remote Users Execute Arbitrary Code and Deny Service
http://securitytracker.com/alerts/2010/Jan/1023446.html
Oracle Primavera Products Suite Lets Remote Authenticated Users Deny Service
http://securitytracker.com/alerts/2010/Jan/1023444.html
Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne Flaws Let Remote Authenticated Users Access and Modify Data
http://securitytracker.com/alerts/2010/Jan/1023441.html
Kerberos AES and RC4 Integer Underflow May Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jan/1023440.html
TurboFTP DELE Command Overflow Lets Remote Authenticated Users Deny Service
http://securitytracker.com/alerts/2010/Jan/1023434.html
Transmission Arbitrary File Overwrite Vulnerability
http://www.securityfocus.com/bid/37659
Trac Alternate Formats Policy Check Bypass Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37441
+ Microsoft Security Bulletin for January 2010
http://www.microsoft.com/japan/technet/security/bulletin/ms10-jan.mspx
+ MS10-001: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
http://www.microsoft.com/japan/technet/security/bulletin/ms10-001.mspx
+ Microsoft Security Advisory (979267): Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP Could Allow Remote Code Execution
http://www.microsoft.com/japan/technet/security/advisory/979267.mspx
http://www.microsoft.com/technet/security/advisory/979267.mspx
+ A Security Vulnerability in Solaris Trusted Extensions due to Missing Libraries may Allow Privilege Escalation
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275410-1
+ Security Vulnerability in the OSCAR Protocol Plugin for pidgin(1) may Lead to a Denial of Service (DoS) Condition
http://sunsolve.sun.com/search/document.do?assetkey=1-66-272489-1
+ Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273570-1
+ An Integer Overflow Vulnerability in GIMP(1) May Lead to Denial of Service (DoS) or Execution of Arbitrary Code
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274390-1
+ Oracle Critical Patch Update Advisory - January 2010 (DB/AP)
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
http://securitytracker.com/alerts/2010/Jan/1023436.html
http://securitytracker.com/alerts/2010/Jan/1023438.html
+ Oracle Critical Patch Update Advisory - January 2010 (WebLogic)
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
http://securitytracker.com/alerts/2010/Jan/1023442.html
+ RHSA-2009:1595-2: Moderate: cups security update
http://rhn.redhat.com/errata/RHSA-2009-1595.html
+ RHSA-2010:0029-2: Critical: krb5 security update
http://rhn.redhat.com/errata/RHSA-2010-0029.html
+ Linux Kernel 'print_fatal_signal()' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37724
- Security Vulnerability in Identity Manager 8.1.0.5 and 8.1.0.6 Configured with Sun Java System Access Manager, OpenSSO Enterprise 8.0 or IBM Tivoli Access Manager
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275010-1
[ANN] Ant 1.8.0RC1 released
http://ant.apache.org/
Cross-site scripting vulnerability issue in Lotus iNotes ultra-light mode
http://www-06.ibm.com/jp/domino04/lotus/support/faqs/faqs.nsf/all/733845
Potential cross-site scripting vulnerabilities in Lotus iNotes ultra-light mode
http://www-01.ibm.com/support/docview.wss?rs=899&uid=swg21417063
RHBA-2010:0027-1: tcsh bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0027.html
Mandriva : pidgin
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31423
Mandriva : pidgin
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31424
SuSE : IBM Java 5
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31425
Independent Researcher : XSS Vulnerability in Active Calendar 1.2.0
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31426
Mandriva : firefox
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31408
Mandriva : freeradius
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31420
Mandriva : squidGuard
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31421
Mandriva : squid
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31422
Invitation: nullcon Goa 2010 International Security & Hacking Conference
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00069.html
[ MDVSA-2010:002 ] pidgin
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00068.html
[ MDVSA-2010:001 ] pidgin
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00067.html
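"Buy if you want your files repaired": virus that hard-sells fake software
Encrypts document files and other files, then directs victims to a site selling the fake software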
http://itpro.nikkeibp.co.jp/article/NEWS/20100113/343114/?ST=security
"'Gumblar' is not the name of a virus": Symantec explains
The original appeared in May 2009; "the infecting virus is not necessarily the same"
http://itpro.nikkeibp.co.jp/article/NEWS/20100113/343113/?ST=security
IPv6 and isc.sans.org
http://isc.sans.org/diary.html?storyid=7948
Baidu defaced - Domain Registrar Tampering
http://isc.sans.org/diary.html?storyid=7951
Microsoft Security Bulletin: January 2010
http://isc.sans.org/diary.html?storyid=7954
Microsoft Advices XP Users to Uninstall Flash Player 6
http://isc.sans.org/diary.html?storyid=7957
Oracle Patches Released
http://isc.sans.org/diary.html?storyid=7960
Pre-Announced Adobe Reader and Acrobat Patch Found!
http://isc.sans.org/diary.html?storyid=7963
Haiti Earthquake: Possible scams / malware
http://isc.sans.org/diary.html?storyid=7966
Joomla! JVClouds3D Module "tagcloud" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38161/
Movie Player Pro SDK ActiveX Control "DrawText()" Buffer Overflow
http://secunia.com/advisories/38156/
CS-Cart Cross-Site Request Forgery
http://secunia.com/advisories/38155/
SUSE Update for Multiple Packages
http://secunia.com/advisories/38152/
Glitter Central Script "catid" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38146/
Active Calendar Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/38144/
SUSE update for java-1_5_0-ibm
http://secunia.com/advisories/38142/
WebCalenderC3 Cross-Site Scripting and Local File Inclusion Vulnerabilities
http://secunia.com/advisories/38135/
Apple Mac OS X "strtod()" Floating Point Parsing Memory Corruption
http://secunia.com/advisories/38066/
Todoo Forum "id_forum" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/38060/
Microsoft Windows Embedded OpenType Font Engine Vulnerability
http://secunia.com/advisories/35457/
Microsoft Windows Flash Player Multiple Vulnerabilities
http://secunia.com/advisories/27105/
Vulnerability Note VU#204889: Windows XP Macromedia Flash 6 ActiveX control memory corruption vulnerability
http://www.kb.cert.org/vuls/id/204889
Oracle BEA WebLogic Server and Portal Bugs Let Remote Users Access and Modify Data and Deny Service
http://securitytracker.com/alerts/2010/Jan/1023442.html
Oracle E-Business Suite Bugs Let Remote Users Access and Modify Data
http://securitytracker.com/alerts/2010/Jan/1023439.html
Oracle Application Server Bugs Let Remote Users Access and Modify Data and Let Local Users Access Data
http://securitytracker.com/alerts/2010/Jan/1023438.html
Oracle Secure Backup Lets Remote Users Take Full Control of the Target System
http://securitytracker.com/alerts/2010/Jan/1023437.html
Oracle Database Flaws Let Remote Users Take Fully Control of the Database or System
http://securitytracker.com/alerts/2010/Jan/1023436.html
Adobe Flash 6 on Windows XP Has Multiple Flaws That Let Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jan/1023435.html
IBM Tivoli Directory Server Null Pointer Dereference Lets Remote Users Crash the Server
http://securitytracker.com/alerts/2010/Jan/1023433.html
Microsoft Embedded OpenType Font Engine Integer Overflow Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jan/1023432.html
Microsoft Windows EOT Engine Integer Overflow Vulnerability (MS10-001)
http://www.vupen.com/english/advisories/2010/0095
Apple Mac OS X "strtod()" Floating Point Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2010/0094
Movie Player Pro SDK ActiveX "DrawText()" Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/0093
IBM WebSphere DataPower SOA Appliances TLS/SSL Vulnerability
http://www.vupen.com/english/advisories/2010/0092
Sun OpenSolaris Security Update Fixes CUPS Denial of Service Issue
http://www.vupen.com/english/advisories/2010/0091
Cherokee Terminal Escape Sequence Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0090
Ruby WEBrick Terminal Escape Sequence Injection Vulnerability
http://www.vupen.com/english/advisories/2010/0089
RETIRED: Oracle January 2010 Critical Patch Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/37668
Oracle Database CVE-2010-0072 Oracle Secure Backup Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37733
Fedora SSSD BE Database No Password Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35868
Pidgin 'msn_slplink_process_msg()' NULL Pointer Dereference Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36071
Pidgin OSCAR Plugin Invalid Memory Access Denial Of Service Vulnerability
http://www.securityfocus.com/bid/36719
Pidgin Libpurple Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/36277
Libpurple MSN-SLP Emoticon Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37524
ImageMagick TIFF File Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35111
DevIL DICOM File Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37207
Sun Java SE November 2009 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36881
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958
TurboFTP 'DELE' FTP Command Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37726
Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/37366
Wireshark ERF File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36591
Wireshark 1.2.2 and 1.0.9 Multiple Vulnerabilities
http://www.securityfocus.com/bid/36846
Wireshark 1.2.0 Multiple Vulnerabilities
http://www.securityfocus.com/bid/35748
Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
http://www.securityfocus.com/bid/37370
Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/37367
Mozilla Firefox 'window.opener' Property Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37365
Mozilla Firefox CVE-2009-3979 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/37361
Mozilla Firefox CVE-2009-3981 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37363
Mozilla Firefox/SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability
http://www.securityfocus.com/bid/37360
Microsoft Windows Embedded OpenType Font Engine LZCOMP Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37671
Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35828
Microsoft Visual Studio ATL 'VariantClear()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35832
Microsoft Visual Studio Active Template Library NULL String Information Disclosure Vulnerability
http://www.securityfocus.com/bid/35830
Sendmail NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/37543
CUPS 'kerberos' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/36958
CUPS File Descriptors Handling Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37048
IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35671
FAQEngine 'path_faqe' Parameter Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/37719
Xpdf Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36703
Poppler 'create_surface_from_thumbnail_data()' Integer Overflow Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36718
Poppler 'ABWOutputDev.cc' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36976
CUPS PDF File Multiple Heap Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/35195
Xpdf 'FoFiType1::parse' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37350
Expat Unspecified XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37203
NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37255
HTML-Parser Invalid HTML Entity Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36807
KDE KDELibs 'dtoa()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37080
Lighttpd 'mod_userdir' Case Sensitive Comparison Security Bypass Vulnerability
http://www.securityfocus.com/bid/31600
Opera Web Browser 'dtoa()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37078
Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36097
Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
http://www.securityfocus.com/bid/34412
Zope Object Database ZEO Network Protocol Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/35987
HTMLDOC 'html' File Handling Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35727
Cacti Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/37109
Pidgin 'protocols/jabber/auth.c' JABBER Server XMPP Specifications Man In The Middle Vulnerability
http://www.securityfocus.com/bid/36368
Cacti 'Linux - Get Memory Usage' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/37137
Pidgin Yahoo Instant Messenger Protocol Link Denial of Service Vulnerability
http://www.securityfocus.com/bid/36367
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
HP StorageWorks Products Remote Management Interface Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36388
RETIRED: Windows Live Messenger 'ViewProfile()' Method ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37680
Sorinara Soritong MP3 Player '.m3u' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34863
Cherokee Terminal Escape Sequence in Logs Command Injection Vulnerability
http://www.securityfocus.com/bid/37715
Oracle WebLogic Server CVE-2010-0074 Remote Vulnerability
http://www.securityfocus.com/bid/37751
Oracle Application Server CVE-2010-0067 Remote Oracle Containers for J2EE Vulnerability
http://www.securityfocus.com/bid/37750
MIT Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities
http://www.securityfocus.com/bid/37749
Oracle WebLogic Server CVE-2010-0068 Remote WebLogic Server Vulnerability
http://www.securityfocus.com/bid/37748
Fedora SSSD Kerberos Authentication Security Bypass Vulnerability
http://www.securityfocus.com/bid/37747
Oracle Database CVE-2009-3410 Remote RDBMS Vulnerability
http://www.securityfocus.com/bid/37746
Oracle E-Business Suite CVE-2010-0077 CRM Technical Foundation (mobile) Remote Vulnerability
http://www.securityfocus.com/bid/37745
Oracle Application Server CVE-2010-0070 Remote Oracle Containers for J2EE Vulnerability
http://www.securityfocus.com/bid/37744
Oracle Database CVE-2009-3411 Remote Oracle Data Pump Vulnerability
http://www.securityfocus.com/bid/37743
Oracle WebLogic Server CVE-2010-0078 Remote WebLogic Server Vulnerability
http://www.securityfocus.com/bid/37741
Oracle Database CVE-2009-1996 Remote Logical Standby Vulnerability
http://www.securityfocus.com/bid/37740
Oracle Application Server CVE-2010-0066 Access Manager Identity Server Remote Vulnerability
http://www.securityfocus.com/bid/37739
Oracle Database CVE-2009-3413 Oracle Spatial Remote Vulnerability
http://www.securityfocus.com/bid/37738
Oracle Weblogic Server CVE-2010-0069 Unspecified Remote Vulnerability
http://www.securityfocus.com/bid/37737
Oracle E-Business Suite CVE-2010-0075 Remote Oracle HRMS (Self Service) Vulnerability
http://www.securityfocus.com/bid/37736
Oracle Application Express CVE-2010-0076 Remote Application Express Application Builder Vulnerabilit
http://www.securityfocus.com/bid/37735
Oracle E-Business Suite CVE-2009-3416 Oracle Application Object Library Remote Vulnerability
http://www.securityfocus.com/bid/37734
Oracle PeopleSoft Enterprise HCM CVE-2010-0080 Remote eProfile Vulnerability
http://www.securityfocus.com/bid/37732
Oracle Database and Application Server CVE-2009-3412 Local Unzip Vulnerability
http://www.securityfocus.com/bid/37731
Oracle Database CVE-2009-3414 Oracle Spatial Remote Unspecified Vulnerability
http://www.securityfocus.com/bid/37730
Oracle Database CVE-2009-3415 OLAP Remote Unspecified Vulnerability
http://www.securityfocus.com/bid/37729
Oracle Database CVE-2010-0071 Remote Listener Vulnerability
http://www.securityfocus.com/bid/37728
Linux Kernel 'print_fatal_signal()' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/37724
Open Handset Alliance Android Screen Lock Security Bypass Vulnerability
http://www.securityfocus.com/bid/37723
UDisk Password Field Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37722
Docmint 'id' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37721
PhPepperShop 'USER_ARTIKEL_HANDLING_AUFRUF.php' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/37707