PUBLIC ADVISORY: 03.04.10: Autonomy KeyView OLE Document Integer Overflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=858
JVN#06874657 Access restriction bypass vulnerability in OpenPNE
http://jvn.jp/jp/JVN06874657/index.html
JVNDB-2010-000006 Access restriction bypass vulnerability in OpenPNE
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000006.html
JVNDB-2010-001125 Denial of service (DoS) vulnerability in filter/ww8/ww8par2.cxx in OpenOffice.org
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001125.html
JVNDB-2010-001124 Integer underflow vulnerability in filter/ww8/ww8par2.cxx in OpenOffice.org
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001124.html
JVNDB-2010-001123 Heap-based buffer overflow vulnerability in the GIFLZWDecompressor::GIFLZWDecompressor function in OpenOffice.org
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001123.html
JVNDB-2010-001122 Integer overflow vulnerability in the XPMReader::ReadXPM function in OpenOffice.org
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001122.html
JVNDB-2010-001121 Vulnerability in Adobe BlazeDS that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001121.html
JVNDB-2010-001120 Denial of service (DoS) vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001120.html
JVNDB-2010-001119 Cross-domain vulnerability in multiple Adobe products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001119.html
OpenSSL Missing Check in kssl_keytab_is_available() Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/Mar/1023688.html
Symantec Data Loss Prevention Integer Overflow in KeyView Filter in Processing OLE Documents Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Mar/1023686.html
Symantec Brightmail Integer Overflow in KeyView Filter in Processing OLE Documents Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Mar/1023685.html
Symantec Mail Security Integer Overflow in KeyView Filter in Processing OLE Documents Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Mar/1023684.html
+ PHP 5.3.2 Released
http://www.php.net/archive/2010.php#id-1
http://www.php.net/ChangeLog-5.php#5.3.2
+ Suhosin Patch 0.9.9.1 released
http://www.hardened-php.net/suhosin/download.html#suhosin_patch_0.9.9.1
http://www.hardened-php.net/suhosin/changelog.html#pversion_0.9.9.1
+ SA38807: OpenSSL Kerberos "kssk_keytab_is_available()" Denial of Service
http://secunia.com/advisories/38807/
+- OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/35174
-+ Integer Overflow Security Vulnerability in AES and RC4 Decryption in the Solaris Kerberos Crypto Library May Lead to Execution of Arbitrary Code or a Denial of Service (DoS)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275530-1
- Multiple Security Vulnerabilities in BIND DNSSEC Software Shipped With Solaris May Cause Bogus NXDOMAIN Responses
http://sunsolve.sun.com/search/document.do?assetkey=1-66-275890-1
FreeBSD 7.3-RC2 Available
http://lists.freebsd.org/pipermail/freebsd-stable/2010-March/055596.html
RHBA-2010:0132-1: openmotif bug fix update
http://rhn.redhat.com/errata/RHBA-2010-0132.html
SYM10-006: Security Advisories Relating to Symantec Products - Multi-Vendor Autonomy KeyView Filter Module OLE Document Processing Overflow
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100304_00
Independent Researcher : fcrontab Information Disclosure Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31920
Independent Researcher : Open redirection vulnerability in the Drupal API function drupal_goto (Drupal 6.15 and 5.21)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31923
VMware : ESX Service Console and vMA third party updates
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31921
Cisco : Multiple Vulnerabilities in Cisco Digital Media Manager
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31915
Cisco : Cisco Digital Media Player Remote Display Unauthorized Content Injection Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31916
Core Security Technologies : Luxology Modo 401 .LXO Integer Overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31918
Debian : New cups packages fix arbitrary code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31912
Gentoo Linux : sudo: Privilege escalation
http://www.criticalwatch.com/support/security-advisories.aspx?AID=31917
"Gumblar" "re-attacks" keep occurring; the cause is a virus on the administration PC
"Restoring web pages and changing passwords alone is not enough," IPA warns
http://itpro.nikkeibp.co.jp/article/NEWS/20100305/345392/?ST=security
CA20100304-01: Security Notice for CA SiteMinder
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00047.html
Apple Airport Wireless Products: Promiscuous FTP PORT Allowed in FTP Proxy Provides Security Bypass
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00043.html
[ MDVSA-2010:054 ] pam_krb5
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00049.html
Unspecified EMC Documentum Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00044.html
NSOADV-2010-006: Authentium Command Free Scan ActiveX Control buffer overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00039.html
Open redirection vulnerability in the Drupal API function drupal_goto (Drupal 6.15 and 5.21)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00046.html
IETF effort: Security Assesment of the Internet Protocol
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00040.html
VMSA-2010-0004 ESX Service Console and vMA third party updates
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00041.html
[xss] a xss on "ThreadID" parameter in BBSXP 2008 from china
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00048.html
fcrontab Information Disclosure Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00045.html
[SECURITY] [DSA 2007-1] New cups packages fix arbitrary code execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00038.html
[USN-906-1] CUPS vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-03/msg00037.html
JVNVU#576029 Vulnerability in libpng in the handling of compressed ancillary chunks
http://jvn.jp/cert/JVNVU576029/index.html
Dosya Yukle Script Arbitrary File Upload Security Issue
http://secunia.com/advisories/38822/
Fedora update for argyllcms
http://secunia.com/advisories/38828/
Debian update for cups
http://secunia.com/advisories/38798/
Joomla MyBlog Component "task" File Inclusion Vulnerability
http://secunia.com/advisories/38777/
Drupal Multiple Vulnerabilities
http://secunia.com/advisories/38835/
Comptel Provisioning and Activation "error_msg_parameter" Cross-Site Scripting
http://secunia.com/advisories/38801/
Cisco Digital Media Manager Multiple Vulnerabilities
http://secunia.com/advisories/38800/
OpenSSL Kerberos "kssk_keytab_is_available()" Denial of Service
http://secunia.com/advisories/38807/
Fcron "fcrontab" Insecure File Access Security Issues
http://secunia.com/advisories/38796/
Red Hat update for cups
http://secunia.com/advisories/38785/
Opera "Content-Length" Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/38820/
Fedora update for automake
http://secunia.com/advisories/38827/
Ubuntu update for cups
http://secunia.com/advisories/38786/
RCA DCM425 Cable Modem Denial of Service
http://secunia.com/advisories/38778/
CUPS "lppasswd" Privilege Escalation Vulnerability
http://secunia.com/advisories/38789/
VMware ESX Server 4 Multiple Vulnerabilities
http://secunia.com/advisories/38834/
VMware ESX Server 4 update for newt, nfs-utils, and glib2
http://secunia.com/advisories/38833/
VMware ESX Server Multiple Vulnerabilities
http://secunia.com/advisories/38832/
Drupal Internationalization Module Arbitrary Code Execution Vulnerability
http://secunia.com/advisories/38831/
Wt Two Vulnerabilities
http://secunia.com/advisories/38759/
VMware vMA Update for Multiple Packages
http://secunia.com/advisories/38794/
Drupal eTracker Module Script Insertion Vulnerability
http://secunia.com/advisories/38826/
Drupal Workflow Module Script Insertion Vulnerability
http://secunia.com/advisories/38825/
Fedora update for wireshark
http://secunia.com/advisories/38829/
Cisco Digital Media Player Content Injection Vulnerability
http://secunia.com/advisories/38799/
Drupal AddThis Button Module Script Insertion Vulnerability
http://secunia.com/advisories/38818/
Gentoo update for sudo
http://secunia.com/advisories/38803/
Red Hat update for java-1.5.0-ibm
http://secunia.com/advisories/38781/
Cisco Unified Communications Manager 5 Denial of Service Vulnerabilities
http://secunia.com/advisories/38824/
Cisco Unified Communications Manager Denial of Service Vulnerabilities
http://secunia.com/advisories/38754/
CA SiteMinder Input Validation Flaw in WebWorks Help Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Mar/1023683.html
McAfee LinuxShield Discloses Whether Usernames Are Valid
http://securitytracker.com/alerts/2010/Mar/1023681.html
McAfee LinuxShield Lets Remote Authenticated Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Mar/1023680.html
Fcron 'fcrontab' Symlink Flaw Lets Local Users View Files
http://securitytracker.com/alerts/2010/Mar/1023677.html
libpng Decompression Process May Let Remote Users Deny Service
http://securitytracker.com/alerts/2010/Mar/1023674.html
Mozilla Firefox XPCOM Utility Chrome Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36857
Mozilla Firefox and SeaMonkey Proxy Auto-Configuration File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/36856
Mozilla Firefox 'document.getSelect' Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36858
Mozilla Firefox Download Manager World Writable File Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36852
Opera Web Browser 'Content-Length' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38519
Mozilla Firefox and SeaMonkey 'libpr0n' GIF Parser Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36855
Mozilla Firefox CVE-2009-3382 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/36866
Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/35888
Sun Java SE November 2009 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36881
Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35891
Mozilla Firefox Form History Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36853
Mozilla Firefox CVE-2009-3380 Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/36871
Mozilla Firefox and SeaMonkey Download Filename Spoofing Vulnerability
http://www.securityfocus.com/bid/36867
Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability
http://www.securityfocus.com/bid/36851
ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
http://www.securityfocus.com/bid/37118
GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/34100
Linux Kernel 2.4 and 2.6 Multiple Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/36304
OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/35174
Linux Kernel with SELinux 'mmap_min_addr' Low Memory NULL Pointer Dereference Vulnerability
http://www.securityfocus.com/bid/36051
GNU ed File Processing 'strip_escapes()' Heap Overflow Vulnerability
http://www.securityfocus.com/bid/30815
Linux Kernel 'nfs4_proc_lock()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36936
OpenSSL DTLS Packets Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/35001
OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability
http://www.securityfocus.com/bid/35138
D-Bus 'dbus_signature_validate()' Type Signature Denial of Service Vulnerability
http://www.securityfocus.com/bid/31602
Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36639
Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36901
Wireshark Dissector LWRES Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/37985
Newt Text Box Content Processing Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36515
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/34256
'nfs-utils' Package 'hosts_ctl()' Security Bypass Vulnerability
http://www.securityfocus.com/bid/31823
Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/36552
Expat Unspecified XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37203
Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36723
Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/36827
GNU Automake Insecure Directory Permissions Vulnerability
http://www.securityfocus.com/bid/37378
NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37255
Linux Kernel r128 Driver CCE Initialization NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/36824
Linux Kernel '/drivers/net/r8169.c' Out-of-IOMMU Error Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/36706
MiNBank 'minsoft_path' Parameter Multiple Remote File Include Vulnerabilities
http://www.securityfocus.com/bid/31492
Argyll CMS '55-Argyll.rules' Security Bypass Vulnerability
http://www.securityfocus.com/bid/38532
Fcron 'fcrontab' Symbolic Link Arbitrary File Access Vulnerabilities
http://www.securityfocus.com/bid/38531