- HPSBUX02495 SSRT090151 rev.2 - HP-UX Running sendmail, Remote Denial of Service (DoS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01953398
Kernel release: 2.6.32.4-rc1
http://www.linux.org/news/2010/01/14/0003.html
Kernel release: 2.6.31.12-rc1
http://www.linux.org/news/2010/01/14/0002.html
Kernel release: 2.6.27.44-rc1
http://www.linux.org/news/2010/01/14/0001.html
Sybase: Notice of Pricing Structure Change
http://www.sybase.jp/detail?id=1067007
JVNVU#492515 Arbitrary code execution vulnerability in Microsoft Internet Explorer
http://jvn.jp/cert/JVNVU492515/index.html
JVNTA10-012A Updates for multiple vulnerabilities in Oracle products
http://jvn.jp/cert/JVNTA10-012A/index.html
JVNVU#568372 Denial of service (DoS) vulnerability in NTP
http://jvn.jp/cert/JVNVU568372/index.html
JVNTA10-012B Vulnerabilities in the EOT font engine and Adobe Flash Player 6 on Microsoft Windows
http://jvn.jp/cert/JVNTA10-012B/index.html
JVNDB-2009-002413 Vulnerability in dasauto in IBM DB2 that allows execution by users without administrator privileges
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002413.html
JVNDB-2009-002412 Denial of service (DoS) vulnerability in ldap_cachemgr in Sun Solaris
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002412.html
JVNDB-2009-002411 Vulnerability in DNSSEC validation processing in BIND 9
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002411.html
JVNDB-2009-002410 Denial of service (DoS) vulnerability in sshd in Sun Solaris
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002410.html
Doing the Right Thing
http://isc.sans.org/diary.html?storyid=7996
NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37255
Lotus Domino LDAP Message Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/17669
+ A Security Vulnerability in the ntp Daemon (xntpd(1M)) May Lead to a Denial of the Solaris Network Time Protocol(NTP) Service
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275590-1
+ Samba 3.3.10 Available for Download
http://samba.org/samba/history/samba-3.3.10.html
+ Microsoft Security Advisory (979352): Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/979352.mspx
http://isc.sans.org/diary.html?storyid=7993
http://www.kb.cert.org/vuls/id/492515
http://www.securitytracker.com/id?1023462
http://www.securityfocus.com/bid/37815
+ OpenSSL zlib Initialization Error Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/Jan/1023460.html
http://secunia.com/advisories/38200/
http://www.vupen.com/english/advisories/2010/0124
http://www.securityfocus.com/bid/31692
+ Linux Kernel FASYNC Use-After-Free Privilege Escalation Vulnerability
http://secunia.com/advisories/38199/
http://www.securityfocus.com/bid/37806
- MySQL 5.5.1-m2 has been released
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-1.html
- IBM Lotus Domino Web Access Input Validation Holes Permit Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Jan/1023450.html
- RHSA-2010:0044-1: Important: pidgin security update
http://rhn.redhat.com/errata/RHSA-2010-0044.html
HPSBMA02433 SSRT090084 rev.2 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Unauthorized Access, Execution of Arbitrary Code
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01760771
HPSBPI02500 SSRT090263 rev.1 - HP Web Jetadmin, Remote Unauthorized Access to Data, Denial of Service (DoS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01975278
VMware to Acquire Zimbra
http://www.zimbra.com/about/vmware-acquires-zimbra.html
RHBA-2010:0042-1: dhcp bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0042.html
Gentoo Linux : Ruby: Terminal Control Character Injection
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31456
Independent Researcher : XSS Vulnerability in Drupal's Node Blocks contributed module (6.x-1.3 and 5.x-1.1)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31463
Mandriva : krb5
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31440
Mandriva : krb5
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31441
NGENUITY : Zenoss getJSONEventsInfo SQL Injection
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31461
Stratsec : Adobe Acrobat Script Injection
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31462
Ubuntu Security Notice : OpenSSL vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31444
Core Security Technologies : Google SketchUp 'lib3ds' 3DS Importer Memory Corruption
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31460
Debian : New openssl packages fix denial of service
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31445
Gentoo Linux : VirtualBox: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31451
Gentoo Linux : net-snmp: Authorization bypass
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31452
Gentoo Linux : aria2: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31453
Gentoo Linux : Blender: Untrusted search path
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31454
Gentoo Linux : SquirrelMail: Multiple vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31455
Hewlett-Packard : HP Web Jetadmin, Remote Unauthorized Access to Data, Denial of Service (DoS)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31465
iDEFENSE : Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31457
Mandriva : bash
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31439
Red Hat : Critical: acroread security and bug fix update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31446
Red Hat : Critical: acroread security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31447
Red Hat : Moderate: gcc and gcc4 security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31448
Red Hat : Moderate: php security update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31449
Security-Assessment.com : Yoono Firefox Extension - Privileged Code Injection
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31458
Ubuntu Security Notice : PHP vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31442
Ubuntu Security Notice : network-manager-applet vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31443
US-CERT : Adobe Reader and Acrobat Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31450
[security bulletin] HPSBMA02433 SSRT090084 rev.2 - HP Discovery & Dependency Mapping Invento
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00100.html
[USN-885-1] Transmission vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00099.html
[ GLSA 201001-09 ] Ruby: Terminal Control Character Injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00094.html
XSS Vulnerability in Drupals Node Blocks contributed module (6.x-1.3 and 5.x-1.1)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00093.html
Hellcode Research: OpenOffice File Parsing Null Pointer Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00091.html
[ MDVSA-2010:006 ] krb5
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00087.html
[USN-884-1] OpenSSL vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00098.html
[ MDVSA-2010:005 ] krb5
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00089.html
[ GLSA 201001-08 ] SquirrelMail: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00090.html
[ GLSA 201001-07 ] Blender: Untrusted search path
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00095.html
[ GLSA 201001-06 ] aria2: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00086.html
[ GLSA 201001-05 ] net-snmp: Authorization bypass
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00097.html
[ GLSA 201001-04 ] VirtualBox: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-01/msg00092.html
Spam now accounts for 90% of all e-mail; 40 trillion messages circulated in one year
Symantec reports: "In 2000 it was only 8%"
http://itpro.nikkeibp.co.jp/article/NEWS/20100114/343257/?ST=security
Rogue AV exploiting Haiti earthquake
http://isc.sans.org/diary.html?storyid=7987
DRG (Dragon Research Group) Distro available for general release
http://isc.sans.org/diary.html?storyid=7990
0-day vulnerability in Internet Explorer 6, 7 and 8
http://isc.sans.org/diary.html?storyid=7993
PDF Babushka
http://isc.sans.org/diary.html?storyid=7984
Vulnerability Note VU#492515: Microsoft Internet Explorer allows remote code execution
http://www.kb.cert.org/vuls/id/492515
Microsoft Internet Explorer Invalid Pointer Reference Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jan/1023462.html
TIBCO Runtime Agent Discloses Passwords to Local Users
http://securitytracker.com/alerts/2010/Jan/1023461.html
Drupal Own Term Script Insertion Vulnerability
http://secunia.com/advisories/38208/
Drupal Bibliography Module Script Insertion
http://secunia.com/advisories/38207/
TYPO3 OpenID Identity Authentication Security Bypass
http://secunia.com/advisories/38206/
HP Web Jetadmin SQL Server Connection Security Issue
http://secunia.com/advisories/38204/
Fedora update for krb5
http://secunia.com/advisories/38203/
OpenSSL "CRYPTO_free_all_ex_data()" Memory Leak Vulnerability
http://secunia.com/advisories/38200/
Linux Kernel FASYNC Use-After-Free Privilege Escalation Vulnerability
http://secunia.com/advisories/38199/
xt:Commerce Direct URL Module "coID" SQL Injection
http://secunia.com/advisories/38197/
Red Hat update for acroread
http://secunia.com/advisories/38194/
Ubuntu update for network-manager-applet
http://secunia.com/advisories/38193/
Ubuntu update for php
http://secunia.com/advisories/38192/
TIBCO Runtime Agent Domain Properties Files Insecure Permissions
http://secunia.com/advisories/38191/
Red Hat update for gcc and gcc4
http://secunia.com/advisories/38190/
IBM AIX update for OpenSSL
http://secunia.com/advisories/38189/
Red Hat update for php
http://secunia.com/advisories/38188/
Google SketchUp 3DS and SKP Processing Vulnerabilities
http://secunia.com/advisories/38187/
Drupal Node Blocks Module Script Insertion Vulnerability
http://secunia.com/advisories/38186/
lib3ds "face_array_read()" Memory Corruption Vulnerability
http://secunia.com/advisories/38185/
Sun Solaris Kerberos Integer Underflow Vulnerabilities
http://secunia.com/advisories/38184/
Gentoo update for VirtualBox
http://secunia.com/advisories/38182/
Debian update for openssl
http://secunia.com/advisories/38181/
Gentoo update for aria2
http://secunia.com/advisories/38180/
Gentoo update for squirrelmail
http://secunia.com/advisories/38179/
Gentoo update for blender
http://secunia.com/advisories/38178/
Gentoo update for net-snmp
http://secunia.com/advisories/38177/
Ubuntu update for OpenSSL
http://secunia.com/advisories/38175/
WebSphere DataPower TLS Session Renegotiation Vulnerability
http://secunia.com/advisories/38171/
TYPO3 Photo Book Extension Directory Traversal Vulnerability
http://secunia.com/advisories/38163/
Zend Framework Cross-Site Scripting and Security Bypass Vulnerabilities
http://secunia.com/advisories/38127/
Help Desk Software Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/38064/
Apple iTunes 8.1.x (daap) Buffer overflow remote exploit (CVE-2009-0950)
http://www.exploit-db.com/exploits/11138
Winamp 5.05-5.13 .ini local stack buffer overflow poc
http://www.exploit-db.com/exploits/11139
Zend Framework Cross-Site Scripting and MIME Injection Vulnerabilities
http://www.vupen.com/english/advisories/2010/0134
Google SketchUp 3DS and SKP Handling Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/0133
HP Web Jetadmin Unauthorized Data Access and DoS Vulnerabilities
http://www.vupen.com/english/advisories/2010/0130
Sun Solaris Kerberos AES and RC4 Integer Underflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/0129
TIBCO Runtime Agent Domain Properties Files Insecure Permissions
http://www.vupen.com/english/advisories/2010/0128
TYPO3 OpenID Extension Remote Authentication Bypass Vulnerability
http://www.vupen.com/english/advisories/2010/0127
TYPO3 Extensions SQL Injection and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/0126
IBM AIX TLS/SSL Session Renegotiation Plaintext Injection Issue
http://www.vupen.com/english/advisories/2010/0125
OpenSSL "CRYPTO_free_all_ex_data()" Memory Leak Vulnerability
http://www.vupen.com/english/advisories/2010/0124
Novell eDirectory 8.7.3 Multiple Unspecified Vulnerabilities
http://www.securityfocus.com/bid/36270
Microsoft WordPad and Office Text Converters Word 97 File Parsing Memory Corruption Vulnerability
http://www.securityfocus.com/bid/37216
HP Discovery and Dependency Mapping Inventory Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/35250
Apple iTunes Multiple URI Handler Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35157
Sun Java SE November 2009 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36881
Sun Java Runtime Environment Unpack200 JAR Unpacking Utility Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35944
Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/35958
IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/35671
JNLPAppletLauncher Arbitrary File Creation Vulnerability
http://www.securityfocus.com/bid/35946
Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/34240
Sun Java Runtime Environment Proxy Mechanism Implementation Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/35943
Sun Java Runtime Environment Audio System Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/35939
Sun Java Runtime Environment JPEG Image Handling Integer Overflow Vulnerability
http://www.securityfocus.com/bid/35942
Transmission Arbitrary File Overwrite Vulnerability
http://www.securityfocus.com/bid/37659
Libpurple MSN-SLP Emoticon Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37524
Adobe Reader and Acrobat Forms Data Format Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/37763
aria2 'AbstractCommand::onAbort' Format String Vulnerability
http://www.securityfocus.com/bid/37801
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Linux Kernel 'ebtables' Security Bypass Vulnerability
http://www.securityfocus.com/bid/37762
Linux Kernel 'fasync_helper()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37806
Joomla! 'com_articlemanager' Component 'artid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37799
TIBCO Runtime Agent Domain Properties Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/37805
Microsoft Windows Embedded OpenType Font Engine LZCOMP Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37671
Ruby WEBrick Terminal Escape Sequence in Logs Command Injection Vulnerability
http://www.securityfocus.com/bid/37710
Drupal Node Block Module 'Title' HTML Injection Vulnerability
http://www.securityfocus.com/bid/37782
MIT Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities
http://www.securityfocus.com/bid/37749
OpenSSL 'zlib' Compression Memory Leak Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/31692
MIT Kerberos SPNEGO and ASN.1 Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/34408
MIT Kerberos 'asn1_decode_generaltime()' Uninitialized Pointer Memory Corruption Vulnerability
http://www.securityfocus.com/bid/34409
SquirrelMail Prior to 1.4.18 Multiple Vulnerabilities
http://www.securityfocus.com/bid/34916
Blender 'BPY_interface.c' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/31931
aria2 'DHTRoutingTableDeserializer::deserialize()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36332
Net-SNMP 'snmpUDPDomain.c' Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/33755
Sun VirtualBox VBoxNetAdpCtl Configuration Tool Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36604
Sun VirtualBox Guest Additions Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/37024
Internet Explorer CVE-2010-0249 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/37815
Technology for Solutions 'id' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/37811
xt:Commerce Direct URL Component 'coID' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/37808
OpenOffice '.csv' File Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37807
Zenoss Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/37802