JPCERT/CC WEEKLY REPORT 2010-07-14
http://www.jpcert.or.jp/wr/2010/wr102601.html
JVNVU#541921 Denial-of-service (DoS) vulnerability in ISC DHCP
http://jvn.jp/cert/JVNVU541921/index.html
F5 FirePass Input Validation Flaw in Pre-Logon Sequence Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Jul/1024211.html
+ RHSA-2010:0534-1: Important: libpng security update
http://rhn.redhat.com/errata/RHSA-2010-0534.html
++ RHSA-2010:0533-1: Moderate: pcsc-lite security update
http://rhn.redhat.com/errata/RHSA-2010-0533.html
++ PSN-2010-07-867: mbuf memory leak in packet headers when MPLS TTL Expired packets are generated
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-07-867&viewMode=view
++ PSN-2010-07-865: J-Web Cross-Site Scripting (XSS) Vulnerability (PR09-08)
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-07-865&viewMode=view
++ PSN-2010-07-864: Session and buffer overflow issues in J-Web
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-07-864&viewMode=view
[ANNOUNCE] Apache CouchDB 0.11.1 has been released
http://couchdb.apache.org/downloads.html
[ANNOUNCE] Apache CouchDB 1.0.0 has been released
http://couchdb.apache.org/downloads.html
[ANNOUNCE] JMeter 2.4 is released
http://jakarta.apache.org/jmeter/
Icy Silence : D-Link DAP-1160 formFilter buffer overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33117
Microsoft : Microsoft Security Bulletin Summary for July 2010
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33100
Check Point Software Technologies : IBM AIX, Oracle Sun Solaris, HP HP-UX Remote Vulnerability - CVE-2010-0083
http://www.criticalwatch.com/support/security-advisories.aspx?AID=33116
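Microsoft releases "Critical" patches; the last ones for Windows 2000 and XP SP2
Fixes vulnerabilities in Windows and Office, and also addresses the zero-day attack on the Help feature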
http://itpro.nikkeibp.co.jp/article/NEWS/20100715/350304/?ST=security
JVNDB-2010-001685 Cross-site scripting vulnerability in WebAccess in multiple VMware products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001685.html
JVNDB-2010-001684 Privilege escalation vulnerability in the USB service in multiple VMware products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001684.html
JVNDB-2010-001683 Vulnerability in Symantec Workspace Streaming (formerly Symantec AppStream)
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001683.html
JVNDB-2010-001682 User interface spoofing vulnerability in WebKit in Apple iOS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001682.html
JVNDB-2010-001681 Vulnerability in WebKit in Apple iOS that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001681.html
JVNDB-2010-001680 Vulnerability in the Settings application in Apple iOS that allows users to be tracked
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001680.html
JVNDB-2010-001679 Vulnerability in Safari in Apple iOS that allows remote web servers to track users
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001679.html
JVNDB-2010-001678 Vulnerability in Passcode Lock in Apple iOS that allows access to arbitrary data
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001678.html
JVNDB-2010-001677 Vulnerability in Passcode Lock in Apple iOS that allows the passcode requirement to be bypassed
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001677.html
JVNDB-2010-001676 Arbitrary code execution vulnerability in ImageIO in Apple iOS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001676.html
JVNDB-2010-001675 Stack-based buffer overflow vulnerability in CFNetwork in Apple iOS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001675.html
JVNDB-2010-001674 Vulnerability in Application Sandbox in Apple iOS that allows location information to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001674.html
JVNDB-2010-001584 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001584.html
JVNDB-2010-001580 Cross-site scripting vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001580.html
JVNDB-2010-001579 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001579.html
JVNDB-2010-001578 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001578.html
JVNDB-2010-001577 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001577.html
JVNDB-2010-001573 Cross-site scripting vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001573.html
JVNDB-2010-001572 Arbitrary code execution vulnerability in the Cascading Style Sheets implementation of WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001572.html
JVNDB-2010-001571 Vulnerability in WebKit in Apple Safari that allows images to be read from other sites
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001571.html
JVNDB-2010-001570 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001570.html
JVNDB-2010-001569 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001569.html
JVNDB-2010-001568 Vulnerability in WebKit in Apple Safari that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001568.html
JVNDB-2010-001566 Vulnerability in WebKit in Apple Safari that allows data to be disclosed via IRC
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001566.html
JVNDB-2010-001565 Restriction bypass vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001565.html
JVNDB-2010-001564 Vulnerability in WebKit in Apple Safari that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001564.html
JVNDB-2010-001563 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001563.html
JVNDB-2010-001561 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001561.html
JVNDB-2010-001560 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001560.html
JVNDB-2010-001559 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001559.html
JVNDB-2010-001558 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001558.html
JVNDB-2010-001557 Arbitrary code execution vulnerability in the Cascading Style Sheets implementation of WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001557.html
JVNDB-2010-001556 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001556.html
JVNDB-2010-001555 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001555.html
JVNDB-2010-001554 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001554.html
JVNDB-2010-001553 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001553.html
JVNDB-2010-001552 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001552.html
JVNDB-2010-001551 Cross-site scripting vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001551.html
JVNDB-2010-001549 Cross-site scripting vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001549.html
JVNDB-2010-001547 Vulnerability in the Cascading Style Sheet implementation in Apple Safari that allows sensitive URL information to be discovered
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001547.html
Secunia Half Year Report for 2010 shows interesting trends
http://isc.sans.edu/diary.html?storyid=9172
Winamp Buffer Overflow in Processing FLV Content Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jul/1024207.html
Solaris OpenSSO Enterprise Unspecified Flaw Lets Remote Users Modify Data
http://securitytracker.com/alerts/2010/Jul/1024206.html
Oracle Fusion Middleware Flaws Let Remote Users Access and Modify Data and Deny Service
http://securitytracker.com/alerts/2010/Jul/1024205.html
Oracle WebLogic Plugin Encoding Error Lets Remote Users Inject HTTP Headers
http://securitytracker.com/alerts/2010/Jul/1024204.html
IBM solidDB Lets Remote Users Execute Arbitrary Code via a Long Username Field Value
http://securitytracker.com/alerts/2010/Jul/1024203.html
ToolTalk Database Server Heap Overflow in Processing '.rec' Files Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Jul/1024201.html
Avahi Multicast DNS Packet Processing Error in AvahiDnsPacket() Lets Remote Users Deny Service
http://securitytracker.com/alerts/2010/Jul/1024200.html
Vulnerability Note VU#541921: ISC DHCP server fails to handle zero-length client identifier
http://www.kb.cert.org/vuls/id/541921
Ubuntu update for ghostscript
http://secunia.com/advisories/40580/
Campsite "f_search_keywords" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/40589/
2daybiz Custom Business Card Script "login_email" SQL Injection Vulnerability
http://secunia.com/advisories/40587/
FreeType Multiple Vulnerabilities
http://secunia.com/advisories/40586/
Sun Solaris libaudiofile Buffer Overflow Vulnerability
http://secunia.com/advisories/40583/
Sun Solaris RealPlayer Buffer Overflow Vulnerability
http://secunia.com/advisories/40581/
Mortgage and Amortization Calculator Script Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/40613/
I2P Jetty Directory Traversal Vulnerability
http://secunia.com/advisories/40574/
OlyKit eBay Clone Script 2010 "cid" SQL Injection Vulnerability
http://secunia.com/advisories/40612/
Fedora update for qt
http://secunia.com/advisories/40557/
F5 FirePass Security Bypass and Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/40611/
Sun Solaris Multiple Vulnerabilities
http://secunia.com/advisories/40602/
Sun GlassFish Enterprise Server and Java System Application Server Unspecified Vulnerability
http://secunia.com/advisories/40610/
Sun Access Manager / OpenSSO Multiple Vulnerabilities
http://secunia.com/advisories/40608/
Oracle Solaris Studio Unspecified Local Data Access Vulnerability
http://secunia.com/advisories/40609/
Sun Java System Web Proxy Server Unspecified Vulnerability
http://secunia.com/advisories/40606/
Oracle WebLogic Server Two Vulnerabilities
http://secunia.com/advisories/40604/
Sun Java Communications Suite Convergence Component Information Disclosure
http://secunia.com/advisories/40607/
Oracle JRockit Multiple Vulnerabilities
http://secunia.com/advisories/40603/
HP Client Automation Enterprise Information Disclosure Security Issue
http://secunia.com/advisories/40592/
Oracle Business Process Management Unspecified Vulnerability
http://secunia.com/advisories/40605/
Oracle Fusion Middleware Products Multiple Vulnerabilities
http://secunia.com/advisories/40597/
Oracle Transportation Manager Two Vulnerabilities
http://secunia.com/advisories/40601/
Oracle Enterprise Manager Grid Control Unspecified Vulnerability
http://secunia.com/advisories/40598/
Oracle PeopleSoft Enterprise Products Multiple Vulnerabilities
http://secunia.com/advisories/40600/
Oracle E-Business Suite Multiple Vulnerabilities
http://secunia.com/advisories/40599/
Oracle TimesTen Two Vulnerabilities
http://secunia.com/advisories/40596/
Oracle Secure Backup Multiple Vulnerabilities
http://secunia.com/advisories/40595/
Oracle Database Multiple Vulnerabilities
http://secunia.com/advisories/40594/
Red Hat update for avahi
http://secunia.com/advisories/40584/
PsNews Sql Injection Vulnerability
http://securityreason.com/securityalert/7590
Apache Tomcat Remote Denial Of Service and Information Disclosure Vulnerability
http://securityreason.com/securityalert/7589
Unreal engine <= 2.5 Clients Unicode Buffer-Overflow in UpdateConnectingMessage
http://securityreason.com/securityalert/7588
Xlight FTPd Multiple Directory Traversal in SFTP
http://securityreason.com/securityalert/7587
Redhat Security Update Fixes Avahi Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/1806
Redhat Security Update Fixes GFS Local Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/1805
Fedora Security Update Fixes PCSC-Lite Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/1804
Fedora Security Update Fixes Multiple Local Kernel Vulnerabilities
http://www.vupen.com/english/advisories/2010/1803
Fedora Security Update Fixes Mono Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/1802
Fedora Security Update Fixes Qt Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/1801
Struts2/XWork
http://www.exploit-db.com/exploits/14360/
Microsoft Excel 0x5D record Stack Overflow Vulnerability
http://www.exploit-db.com/exploits/14361/
ASX to MP3 Converter v3.1.2.1 SEH Exploit (Multiple OS, DEP and ASLR Bypass)
http://www.exploit-db.com/exploits/14352/
FreeType Versions Prior to 2.4.0 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/41663
D-Link DAP-1160 Web Administration Interface 'formFilter()' Function Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41661
libmikmod Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/38114
PCSC-Lite 'PCSCD' Daemon Unspecified Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40758
Microsoft Outlook TNEF Stream With MAPI Attachment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41446
RETIRED: Oracle July 2010 Critical Patch Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/41482
Multiple Vendor ToolTalk Heap Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41598
Oracle Transportation Manager CVE-2010-2371 Unspecified Local Vulnerability
http://www.securityfocus.com/bid/41636
Oracle OpenSSO Enterprise CVE-2009-3762 Unspecified Remote Vulnerability
http://www.securityfocus.com/bid/41603
Oracle Secure Backup CVE-2010-0907 Unspecified Remote Vulnerability
http://www.securityfocus.com/bid/41596
Oracle Secure Backup Scheduler Service Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/41602
Millennium Mp3 Studio '.pls' File Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41658
Ghostscript PostScript Identifier Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/40103
Ghostscript PostScript Infinite Recursion Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/40107
Ghostscript 'errprintf()' Function PDF Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37410
Ghostscript 'iscan.c' PDF Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/41593
Oracle WebLogic Server Encoded URL Remote Vulnerability
http://www.securityfocus.com/bid/41620
F5 FirePass Pre-logon Pages Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/41671
F5 FirePass Pre-Login Token Security Bypass Vulnerability
http://www.securityfocus.com/bid/41665
HP OpenVMS Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/41655
2daybiz Custom Business Card Script Login Form Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/41652