Notice: ServerProtect for Linux 3.0 Service Pack 1 Patch 2 (Build 1298) released
http://www.trendmicro.co.jp/support/news.asp?id=1467
Notice: Fixes released for Virus Buster Corporate Edition and Trend Micro Business Security
http://www.trendmicro.co.jp/support/news.asp?id=1465
Notice of scheduled server maintenance (September 17, 2010)
http://www.trendmicro.co.jp/support/news.asp?id=1468
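Press release
"Guide to Approaches for Embedded System Security (FY2010 revised edition)" published
~ Includes countermeasures to consider for safely using new technologies such as IPv6, whose use is expanding in networked home appliances ~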
http://www.ipa.go.jp/about/press/20100907.html
JVNDB-2010-001968 Integer overflow vulnerability in the Impress module of OpenOffice.org running on Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001968.html
JVNDB-2010-001967 Arbitrary code execution vulnerability in the Impress module of OpenOffice.org running on Windows
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001967.html
JVNDB-2010-001966 Vulnerability in the PHP session serializer allowing arbitrary session variables to be modified
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001966.html
JVNDB-2010-001965 Denial of service (DoS) vulnerability in instruction emulation in Hypervisor
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001965.html
JVNDB-2010-001964 Vulnerability in the subpage MMIO initialization functionality of QEMU-KVM allowing privileges to be gained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001964.html
JVNDB-2010-001963 Vulnerability in the guest QXL driver pointer handling of QEMU-KVM allowing privileges to be gained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001963.html
JVNDB-2010-001962 Vulnerability in the memory management operations of libspice, used in multiple Red Hat products and others, allowing privileges to be gained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001962.html
JVNDB-2010-001961 Vulnerability in the guest QXL driver pointer handling of libspice, used in multiple Red Hat products and others, allowing privileges to be gained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001961.html
JVNDB-2010-001960 Buffer overflow vulnerability in the Wyse ThinOS LPD service
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001960.html
JVNDB-2010-001959 Denial of service (DoS) vulnerability in the embedded database of Hitachi Storage Command Suite products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001959.html
JVNDB-2010-001958 Denial of service (DoS) vulnerability in the JP1/Desktop Navigation embedded database
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001958.html
JVNDB-2010-001957 Cross-site scripting vulnerability in the formatQuery function of Zabbix
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001957.html
JVNDB-2010-001458 Arbitrary code execution vulnerability in the fbComposite function of the X.Org X server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001458.html
JVNDB-2010-001956 Arbitrary code execution vulnerability in the Wireshark UDVM dissector
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001956.html
JVNDB-2010-001955 Buffer overflow vulnerability in the Wireshark UDVM dissector
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001955.html
JVNDB-2010-001954 Denial of service (DoS) vulnerability in the Wireshark UDVM dissector
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001954.html
JVNDB-2010-001953 Buffer overflow vulnerability in the Wireshark ASN.1 BER dissector
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001953.html
JVNDB-2010-001952 Denial of service (DoS) vulnerability in the Wireshark SMB dissector
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001952.html
JVNDB-2010-001951 Denial of service (DoS) vulnerability in the Wireshark DOCSIS dissector
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001951.html
JVNDB-2010-001950 Denial of service (DoS) vulnerability in TCP connection handling in Cisco IOS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001950.html
JVNDB-2010-001949 Integer overflow vulnerability in IOSurface in Apple iOS running on iPhone and iPod touch
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001949.html
JVNDB-2010-001948 Vulnerability in Apple Quicktime
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001948.html
JVNDB-2010-001947 Vulnerability in the PHP var_export function allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001947.html
JVNDB-2010-001946 Vulnerability in the PHP strrchr function allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001946.html
JVNDB-2010-001945 Vulnerability in the WebLogic Server component of Oracle WebLogic Server
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001945.html
Entrust Secure Transaction Platform Identification and Entitlements Server Discloses Potentially Sensitive Files to Remote Users
http://securitytracker.com/alerts/2010/Sep/1024391.html
Weborf <= 0.12.2 Directory Traversal Vulnerability
http://www.exploit-db.com/exploits/14925/
+ Linux kernel 2.4.37.10 released
http://www.kernel.org/
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.10
+ Internet Explorer Cross-Origin CSS Style Sheet Handling Vulnerability
http://secunia.com/advisories/41271/
http://www.securityfocus.com/bid/42993
+ FreeBSD 8.1/7.3 vm.pmap kernel local race condition
http://securityreason.com/securityalert/7733
+ Linux Kernel JFS xattr Namespace Access Rules Security Bypass
http://secunia.com/advisories/41321/
+ MOAUB #5 - Microsoft MPEG Layer-3 Remote Command Execution Exploit
http://www.exploit-db.com/exploits/14895/
http://www.securityfocus.com/bid/39303
+- Oracle MySQL Prior to 5.1.49 'JOIN' Statement Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42646
+- Oracle MySQL Prior to 5.1.49 'DDL' Statements Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42643
+- Oracle MySQL Prior to 5.1.49 'WITH ROLLUP' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42596
Linux Kernel release: 2.4.37.10
http://www.linux.org/news/2010/09/06/0001.html
UPDATE: Cisco Security Advisory: Cisco IOS XR Software Border Gateway Protocol Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml
"One-click fraud" consultations reach a record high of 935 in one month
IPA issues a warning: "Do not carelessly press the 'Yes' button"
http://itpro.nikkeibp.co.jp/article/NEWS/20100907/351809/?ST=security
UPDATE: JVNVU#707943 Vulnerability in DLL loading by Windows programs
http://jvn.jp/cert/JVNVU707943/index.html
FreeBSD 8.1/7.3 vm.pmap kernel local race condition
http://securityreason.com/securityalert/7733
pecio CMS v2.0.5 (template) Multiple Remote File Include Vulnerability
http://securityreason.com/securityalert/7732
textpattern 4.2.0 Remote File Inclusion Vulnerability
http://securityreason.com/securityalert/7731
Wiccle v1.00 XSS Vulnerability
http://securityreason.com/securityalert/7730
GaleriaSHQIP 1.0 SQL Injection Vulnerability
http://securityreason.com/securityalert/7729
DiY-CMS 1.0 Remote File Inclusion
http://securityreason.com/securityalert/7728
Multi-lingual E-Commerce System 0.2 Multiple Remote File Inclusion
http://securityreason.com/securityalert/7727
seagull-0.6.7 remote file include
http://securityreason.com/securityalert/7726
seagull-0.6.7 SQL injection Vulnerabilitie
http://securityreason.com/securityalert/7725
Entrust Identification and Entitlements Server XML Entity References Information Disclosure
http://secunia.com/advisories/41276/
MAGIX Samplitude Producer Insecure Library Loading Vulnerability
http://secunia.com/advisories/41296/
Joomla! Clantools Component "squad" SQL Injection Vulnerability
http://secunia.com/advisories/41310/
MicroNetSoft RV Dealer Website "vehicletypeID" SQL Injection Vulnerability
http://secunia.com/advisories/41319/
MicroNetSoft Rental Property Management Website "ad_ID" SQL Injection Vulnerability
http://secunia.com/advisories/41320/
Joomla! Clantools Component Two SQL Injection Vulnerabilities
http://secunia.com/advisories/41322/
Joomla! Gantry Component "moduleid" SQL Injection Vulnerability
http://secunia.com/advisories/41300/
Bip "bip_on_event()" NULL Pointer Dereference Denial of Service
http://secunia.com/advisories/41285/
DMXReady Members Area Manager "Address2" and "shipping_Address2" Script Insertion
http://secunia.com/advisories/41282/
DMXready Polling Booth Manager "QuestionID" SQL Injection Vulnerability
http://secunia.com/advisories/41306/
Internet Explorer Cross-Origin CSS Style Sheet Handling Vulnerability
http://secunia.com/advisories/41271/
jetAudio Insecure Library Loading Vulnerability
http://secunia.com/advisories/41308/
BlueCMS "X-Forwarded-For" SQL Injection Vulnerability
http://secunia.com/advisories/41255/
Linux Kernel JFS xattr Namespace Access Rules Security Bypass
http://secunia.com/advisories/41321/
chillyCMS "name" Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/41313/
Debian update for smbind
http://secunia.com/advisories/41303/
Simple Management for BIND "username" SQL Injection Vulnerability
http://secunia.com/advisories/41287/
Softbiz Article Directory Script "sbiz_id" SQL Injection Vulnerability
http://secunia.com/advisories/41301/
Fedora update for libHX and pam_mount
http://secunia.com/advisories/41291/
libHX "hx_split()" Buffer Overflow Vulnerability
http://secunia.com/advisories/41290/
Rainbow Portal Cross-Site Scripting and Script Insertion Vulnerabilities
http://secunia.com/advisories/41205/
Fedora update for python3
http://secunia.com/advisories/41288/
Squid String Processing NULL Pointer Dereference Denial of Service Vulnerability
http://secunia.com/advisories/41298/
Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability
http://www.securiteam.com/securitynews/5DP2V1P2KM.html
MyBB Password Reset Email BCC Injection Vulnerability
http://www.securiteam.com/securitynews/5EP2W1P2KI.html
MOAUB #6 - HP OpenView NNM webappmon.exe execvp_nc Remote Code Execution
http://www.exploit-db.com/exploits/14916/
Clantools for Joomla Two Parameter SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2010/2301
Clantools for Joomla "squad" Parameter SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/2300
IfNuke Arbitrary File Upload and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/2299
chillyCMS Username Processing SQL Injection and Cross Site Scripting
http://www.vupen.com/english/advisories/2010/2298
A-Blog "words" Parameter Handling Remote SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/2297
Squid String Handling Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/2296
Linux Kernel "keyctl_session_to_parent()" NULL Pointer Dereference
http://www.vupen.com/english/advisories/2010/2295
Fedora Security Update Fixes Multiple Python Vulnerabilities
http://www.vupen.com/english/advisories/2010/2294
Fedora Security Update Fixes sblim-sfcb Buffer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/2293
Fedora Security Update Fixes libHX Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/2292
Redhat Security Update Fixes Kernel Privilege Escalation and DoS
http://www.vupen.com/english/advisories/2010/2291
SuSE Security Update Fixes Kernel Privilege Escalation and DoS
http://www.vupen.com/english/advisories/2010/2290
Debian Security Update Fixes smbind SQL Injection Vulnerability
http://www.vupen.com/english/advisories/2010/2289
Debian Security Update Fixes BarnOwl Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/2288
maildrop Group Permission Dropping Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37984
Quagga bgpd Null Pointer Deference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42642
Quagga bgpd Route-Refresh Message Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/42635
lvm2-cluster 'clvmd' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42033
HP OpenView Network Node Manager 'execvp_nc()' Code Execution Vulnerability
http://www.securityfocus.com/bid/41829
Oracle MySQL Prior to 5.1.49 'JOIN' Statement Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42646
Oracle MySQL 'HANDLER' interface Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42633
Oracle MySQL Prior to 5.1.49 'DDL' Statements Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42643
Oracle MySQL 'TEMPORARY InnoDB' Tables Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42598
Oracle MySQL Prior to 5.1.49 'WITH ROLLUP' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42596
Oracle MySQL Prior to 5.1.49 Malformed 'BINLOG' Arguments Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42638
Oracle MySQL 'EXPLAIN' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42599
Oracle MySQL 'LOAD DATA INFILE' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42625
phpMyAdmin Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/42584
Microsoft Windows MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/39303
Python 'audioop' Module Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40370
Python 'PySys_SetArgv' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/40862
Python 'audioop' Module Memory Corruption Vulnerability
http://www.securityfocus.com/bid/40863
SBLIM-SFCB Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/40475
libHX 'HX_split()' Remote Heap-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/42592
Virtual DJ '.m3u' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/25512
Microsoft Windows Movie Maker and Producer '.mswmm' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/38515
FreeType Stack Buffer Overflow and Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/42285
Horde Application Framework 'icon_browser.php' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/43001
Blue CMS 'X-Forwarded-For' Header SQL Injection Vulnerability
http://www.securityfocus.com/bid/42999
Microsoft Internet Explorer CSS Handling Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/42993
chillyCMS SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/42991
DMXReady Polling Booth Manager 'inc_pollingboothmanager.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/42990
A-Blog 'sources/search.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/42988
Joomla! Clantools Component Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/42986
VLC Media Player 'smb://' URI Handler '.xspf' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/42989
SyndeoCMS Local File Include, Cross Site Scripting, and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/42978