+ Linux Kernel 2.6.35.7 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.7
http://www.linux.org/news/2010/09/29/0001.html
+ Linux Kernel "snd_ctl_new()" Integer Overflow Vulnerability
http://secunia.com/advisories/41650/
+ RHSA-2010:0723-1: Important: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2010-0723.html
- BIND Denial of Service and Security Bypass Vulnerabilities
http://secunia.com/advisories/41654/
http://www.securityfocus.com/bid/43573
- HS10-025: Authentication Bypass Vulnerability in JP1/NETM/Remote Control Agent
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-025/index.html
- UPDATE: HS10-025: Authentication Bypass Vulnerability in JP1/NETM/Remote Control Agent
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-025/index.html
[ANN] Apache Shindig 2.0.0 released
http://www.apache.org/dyn/closer.cgi/shindig/2.0.0
CESA-2010:0720 (mikmod)
http://lwn.net/Alerts/407572/
CESA-2010:0720 (mikmod)
http://lwn.net/Alerts/407573/
CESA-2010:0718 (kernel)
http://lwn.net/Alerts/407574/
UPDATE: MS10-061 - Critical: Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)
http://www.microsoft.com/technet/security/bulletin/MS10-061.mspx
UPDATE: MS10-060 - Critical: Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)
http://www.microsoft.com/technet/security/bulletin/MS10-060.mspx
ASTERIA WARP 4.5 has started shipping
http://asteria.jp/news/20100930-143244.html
HS10-026: Multiple vulnerabilities were found in Groupmax Scheduler Server.
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-026/index.html
UPDATE: HS10-017: DoS Vulnerability in Cosminexus Products
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-017/index.html
[Onapsis Security Advisory 2010-007] SAP Management Console Multiple Denial of Service
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00218.html
[security bulletin] HPSBUX02587 SSRT100215 rev.1 - HP-UX Directory Server and Red Hat Direct
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00216.html
[USN-996-1] Mako vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00211.html
[USN-995-1] libMikMod vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00210.html
[USN-994-1] libHX vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00212.html
[USN-993-1] libgdiplus vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00215.html
[USN-992-1] Avahi vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00219.html
XSS vulnerability in Pluck
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00217.html
XSS vulnerability in GetSimple CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00213.html
XSRF (CSRF) in Zimplit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00209.html
Fwd: 2.6.6 <= phpMyFAQ <= 2.6.8 XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00208.html
Information Security Technology Trends Survey (First Half of 2010)
http://www.ipa.go.jp/security/fy22/reports/tech1-tg/indexa.html
Controlling bittorrent
http://isc.sans.edu/diary.html?storyid=9631
Red Hat update for kernel
http://secunia.com/advisories/41667/
Debian update for moodle
http://secunia.com/advisories/41633/
Ubuntu update for avahi
http://secunia.com/advisories/41633/
Ubuntu update for mako
http://secunia.com/advisories/41649/
BIND Access Control List Flaw Lets Remote Users Access Cached Data
http://securitytracker.com/alerts/2010/Sep/1024494.html
IBM Tivoli Storage Manager Fastback Lets Remote Users Deny Service and Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Sep/1024493.html
Openswan XAUTH Buffer Overflow and Command Injection Vulnerabilities
http://www.vupen.com/english/advisories/2010/2526
Horde Groupware Webmail Edition Cross Site Scripting and Request Forgery
http://www.vupen.com/english/advisories/2010/2525
Horde Groupware Cross Site Scripting and Request Forgery Vulnerabilities
http://www.vupen.com/english/advisories/2010/2524
Horde Gollem File Manager File Viewer Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/2523
Horde Dynamic Internet Messaging Program Cross Site Scripting
http://www.vupen.com/english/advisories/2010/2522
Horde Application Framework Cross Site Scripting and Request Forgery
http://www.vupen.com/english/advisories/2010/2521
Sun Solaris Security Update Fixes Xserver FreeType Buffer Overflow
http://www.vupen.com/english/advisories/2010/2520
Sun OpenSolaris Security Update Fixes Kerberos Denial of Service
http://www.vupen.com/english/advisories/2010/2519
MPlayer Libavcodec FLIC File Arbitrary Offset Dereference Vulnerability
http://www.vupen.com/english/advisories/2010/2518
FFmpeg Libavcodec FLIC File Arbitrary Offset Dereference Vulnerability
http://www.vupen.com/english/advisories/2010/2517
Redhat Security Update Fixes Multiple Mikmod Vulnerabilities
http://www.vupen.com/english/advisories/2010/2516
Redhat Security Update Fixes Kernel Privilege Escalation Vulnerability
http://www.vupen.com/english/advisories/2010/2515
NetBSD Security Update Fixes Bzip2 Integer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/2514
Quick Player 1.3 Unicode SEH Exploit
http://www.exploit-db.com/exploits/15156/
XFS Deleted Inode Local Information Disclosure Vulnerability
http://www.exploit-db.com/exploits/15155/
Linux Kernel 2.6.36-rc6 pktcdvd Kernel Memory Disclosure
http://www.exploit-db.com/exploits/15150/
QuickPlayer '.m3u' File Buffer Overflow Vulnerability
2010-09-30
http://www.securityfocus.com/bid/30252
fence 'fence_manual' Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/37416
fence 'fence_apc' and 'fence_apc_snmp' Insecure Temporary File Creation Vulnerabilities
http://www.securityfocus.com/bid/31904
Microsoft Silverlight ActiveX Control Pointer Memory Corruption Vulnerability
http://www.securityfocus.com/bid/42138
Microsoft Silverlight & .NET Framework CLR Virtual Method Delegate Code Execution Vulnerability
http://www.securityfocus.com/bid/42295
Moodle Multiple Vulnerabilities
http://www.securityfocus.com/bid/40944
Moodle Prior to 1.9.8/1.8.12 Multiple Vulnerabilities
http://www.securityfocus.com/bid/39150
Icarus '.icp' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35667
libmikmod Information Disclosure Vulnerability
http://www.securityfocus.com/bid/42464
Winamp and libmikmod Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/37374
libmikmod Multiple Sound Channel Media Playback Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/33235
libmikmod Version 3.1.12 Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/41917
libmikmod '.XM' File Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/33240
Avahi 'avahi-core/server.c' Multicast DNS Denial Of Service Vulnerability
http://www.securityfocus.com/bid/33946
Avahi 'avahi-core/socket.c' Zero Size Packet Denial Of Service Vulnerability
http://www.securityfocus.com/bid/41075
libHX 'HX_split()' Remote Heap-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/42592
Mako 'cgi.escape()' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/41278
Live for Speed '.mpr' File Handling Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35716
FFmpeg libavcodec 'flicvideo.c' Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/43546
RETIRED: Achievo 'dispatch.php' Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/43572
bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
http://www.securityfocus.com/bid/43331
Linux Kernel 'net/sched/act_police.c' File Memory Leak Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/42529
Linux Kernel USB interface Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/39042
XFS Deleted Inode Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/42527
Linux Kernel EXT4 Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/42477
Linux Kernel 'ecryptfs_uid_hash()' Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/42237
Linux Kernel GFS2 Directory Rename NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/42124
ISC BIND Denial Of Service and Security Bypass Vulnerability
http://www.securityfocus.com/bid/43573
Linux Kernel 'PKT_CTRL_CMD_STATUS' Invalid Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/43551
Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/41544
Microsoft Excel SxView Record Parsing Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40523
Drupal Imagemenu Module HTML Injection and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/43598
Pluck 'cont1' Parameter HTML Injection Vulnerability
http://www.securityfocus.com/bid/43597
GetSimple CMS 'admin/changedata.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/43593
MyPhpAuction 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/43591
Openswan 'XAUTH' Remote Buffer Overflow and Command Injection Vulnerabilities
http://www.securityfocus.com/bid/43588
webSPELL 'staticID' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/43580
webSPELL 'asearch.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/43579
Linux Kernel Xen Hypervisor Implementation Denial of Service Vulnerability
http://www.securityfocus.com/bid/43578
MODx Local File Include and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/43577
webSPELL 'webspell_settings.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/43576