+ UPDATE: MS10-087 - Critical: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
http://www.microsoft.com/japan/technet/security/Bulletin/MS10-087.mspx
UPDATE: Microsoft Security Bulletin Summary for November 2010
http://www.microsoft.com/technet/security/bulletin/MS10-nov.mspx
UPDATE: MS10-088 - Important: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)
http://www.microsoft.com/technet/security/bulletin/MS10-088.mspx
UPDATE: MS10-087 - Critical: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
http://www.microsoft.com/technet/security/bulletin/MS10-087.mspx
UPDATE: Security Bulletin Summary for November 2010
http://www.microsoft.com/japan/technet/security/bulletin/ms10-nov.mspx
UPDATE: MS10-088 - Important: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)
http://www.microsoft.com/japan/technet/security/Bulletin/MS10-088.mspx
General competitive bidding for "Functional additions to the cryptographic algorithm implementation testing tool (GCM/XTS/key establishment schemes)"
http://www.ipa.go.jp/about/kobo/tender-20101118/index.html
JVNDB-2009-002090 Denial-of-service (DoS) vulnerability in multiple TCP implementations
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002090.html
JVNDB-2010-002318 Arbitrary code execution vulnerability in ipp.c in cupsd in CUPS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002318.html
JVNDB-2010-002317 Arbitrary file overwrite vulnerability in the cupsFileOpen function in CUPS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002317.html
JVNDB-2010-002316 Arbitrary code execution vulnerability in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002316.html
JVNDB-2010-002315 Arbitrary code execution vulnerability in IML32.dll in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002315.html
JVNDB-2010-002314 Arbitrary code execution vulnerability in dirapi.dll in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002314.html
Openswan Buffer Overflows Let Remote Authenticated Gateways Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Nov/1024749.html
+ RHSA-2010:0894-1: Important: systemtap security update
http://rhn.redhat.com/errata/RHSA-2010-0894.html
+ RHSA-2010:0895-1: Moderate: systemtap security update
http://rhn.redhat.com/errata/RHSA-2010-0895.html
- Apache mod_fcgid Module "fcgid_header_bucket_read()" Security Issue
http://secunia.com/advisories/42288/
- Linux Kernel Reliable Datagram Sockets 'rds_cmsg_rdma_args()' Local Integer Overflow Vulnerability
http://www.securityfocus.com/bid/44921
[ANNOUNCE] Apache Wink 1.1.2 release
http://incubator.apache.org/wink/
CESA-2010:0889 (freetype)
http://lwn.net/Alerts/415908/
CESA-2010:0894 (systemtap)
http://lwn.net/Alerts/415914/
CESA-2010:0889 (freetype)
http://lwn.net/Alerts/415909/
jetty@codehaus 7.2.1.v20101111 released
http://svn.codehaus.org/jetty/jetty/branches/jetty-8/VERSION.txt
Francesco "ascii" Ongaro : Vtiger CRM 5.2.0 Multiple Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34293
Hewlett-Packard : HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unaut
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34292
[ MDVSA-2010:237 ] perl-CGI
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00142.html
[security bulletin] HPSBPI02575 SSRT090255 rev.1 - HP LaserJet MFP Printers, HP Color LaserJet M
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00135.html
LFI and XSS vulnerability in openEngine
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00136.html
[ MDVSA-2010:236 ] freetype2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00140.html
Quick update on Google Chromes Math.random() predictability by Amit Klein, Trusteer
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00138.html
[ MDVSA-2010:235 ] freetype2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00134.html
Eclipse IDE Help Server Local Cross Site Scripting (XSS) Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00132.html
VMSA-2010-0016 VMware ESXi and ESX third party updates for Service Console and Likewise comp
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00133.html
[ MDVSA-2010:234 ] cups
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00137.html
[ MDVSA-2010:233 ] cups
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00141.html
[ MDVSA-2010:232 ] cups
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00143.html
[ GLSA 201011-01 ] GNU C library: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00139.html
NEC releases a fingerprint authentication package that can integrate with IBM single sign-on software
http://itpro.nikkeibp.co.jp/article/NEWS/20101117/354264/?ST=security
JVNDB-2010-002313 Vulnerability in Adobe Flash
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002313.html
JVNDB-2010-002312 Arbitrary code execution vulnerability in IML32.dll in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002312.html
JVNDB-2010-002311 Arbitrary code execution vulnerability in dirapi.dll in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002311.html
JVNDB-2010-002310 Arbitrary code execution vulnerability in dirapi.dll in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002310.html
JVNDB-2010-002309 Arbitrary code execution vulnerability in dirapi.dll in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002309.html
JVNDB-2010-002308 Stack-based buffer overflow vulnerability in dirapi.dll in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002308.html
JVNDB-2010-002307 Heap-based buffer overflow vulnerability in TextXtra.x32 in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002307.html
JVNDB-2010-002306 Arbitrary code execution vulnerability in dirapi.dll in Adobe Shockwave Player
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002306.html
Conficker B++ Activated on Nov 15
http://isc.sans.edu/diary.html?storyid=9958
Cisco Unified Videoconferencing Affected by Multiple Vulnerabilities
http://isc.sans.edu/diary.html?storyid=9961
HP Tru64 UNIX Running NTP Denial of Service (DoS) Vulnerability
http://www.securiteam.com/unixfocus/6C036200AQ.html
HP System Management Homepage (SMH) for Linux and Windows Information Disclosure Vulnerability
http://www.securiteam.com/unixfocus/6F039200AY.html
IBM TSM FastBack Server USER_S_AddADGroup Code Execution Vulnerability
http://www.securiteam.com/windowsntfocus/6E038200AO.html
HP OpenView Network Node Manager (OV NNM) Denial of Service (DoS) Vulnerability
http://www.securiteam.com/securitynews/6D037200AW.html
CompactCMS "id" SQL Injection Vulnerability
http://secunia.com/advisories/42258/
Fedora update for mod_fcgid
http://secunia.com/advisories/42302/
vtiger CRM "default_user_name" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/42304/
vtiger CRM Multiple Vulnerabilities
http://secunia.com/advisories/42246/
IceBB "gmt" SQL Injection Vulnerability and Information Disclosure Weakness
http://secunia.com/advisories/42283/
SAP NetWeaver SOAP Request Denial of Service Vulnerability
http://secunia.com/advisories/42300/
Hitachi Groupmax Client Products Unspecified Buffer Overflow Vulnerability
http://secunia.com/advisories/42303/
ClanSphere Multiple Vulnerabilities
http://secunia.com/advisories/42260/
Hitachi Products Collaboration Server Denial of Service Vulnerability
http://secunia.com/advisories/42299/
GNOME Shell LD_LIBRARY_PATH Security Issue
http://secunia.com/advisories/42255/
WonderCMS "page" Cross-Site Scripting and File Disclosure Vulnerabilities
http://secunia.com/advisories/42270/
openEngine Multiple Vulnerabilities
http://secunia.com/advisories/42257/
IBM WebSphere MQ FDC Processing Denial of Service Vulnerability
http://secunia.com/advisories/42253/
VLC Media Player Incorrect Calling Convention Stack Corruption Vulnerability
http://secunia.com/advisories/42244/
Serv-U SSH Server Empty Password Login Security Bypass
http://secunia.com/advisories/42261/
SAP NetWeaver SQL Monitor Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/42297/
SAP NetWeaver Denial of Service Vulnerability
http://secunia.com/advisories/42301/
The Bug Genie Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/42081/
MySQL Administrator / Query Browser Credentials Disclosure Security Issue
http://secunia.com/advisories/42247/
vBulletin Profile Customization Script Insertion Vulnerability
http://secunia.com/advisories/42209/
Red Hat update for openssl
http://secunia.com/advisories/42296/
Fedora update for freetype
http://secunia.com/advisories/42289/
Red Hat update for freetype
http://secunia.com/advisories/42295/
Red Hat update for pidgin
http://secunia.com/advisories/42294/
Red Hat update for openswan
http://secunia.com/advisories/42291/
Fedora update for cups
http://secunia.com/advisories/42287/
Trend Micro Internet Security 2010 ActiveX Remote Exploit (UfPBCtrl.DLL)
http://www.exploit-db.com/exploits/14885/
SystemTap Lets Local Users Gain Elevated Privileges and Deny Service
http://securitytracker.com/alerts/2010/Nov/1024754.html
Cisco Unified Videoconferencing Lets Remote Users Access the System and Remote Authenticated Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Nov/1024753.html
Hitachi Products File Sharing Remote Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/3013
Hitachi Groupmax Products File Processing Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3012
vBulletin Profile Customization Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/3011
IBM WebSphere Commerce URL Processing Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/3010
IBM WebSphere Commerce Organization Admin Console SQL Injection
http://www.vupen.com/english/advisories/2010/3009
IBM WebSphere MQ FDC Processing Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2010/3008
Redhat Security Update Fixes Kernel Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3007
Redhat Security Update Fixes Openswan Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/3006
Redhat Security Update Fixes PAM Privilege Escalation Vulnerabilities
http://www.vupen.com/english/advisories/2010/3005
Redhat Security Update Fixes Pidgin Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/3004
Redhat Security Update Fixes FreeType Heap Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3003
Redhat Security Update Fixes OpenSSL Race Condition Vulnerability
http://www.vupen.com/english/advisories/2010/3002
OpenSSL TLS Extension Multi-threading Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3001
Fedora Security Update Fixes CUPS Use-after-free Vulnerability
http://www.vupen.com/english/advisories/2010/3000
Fedora Security Update Fixes FreeType Heap Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/2999
Fedora Security Update Fixes mod_fcgid Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/2998
Apache mod_fcgid FastCGI Application Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/2997
SuSE Security Update Fixes Denial of Service and Security Bypass
http://www.vupen.com/english/advisories/2010/2996
Mandriva Security Update Fixes Multiple FreeType Vulnerabilities
http://www.vupen.com/english/advisories/2010/2995
Turbolinux Security Update Fixes Flash Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/2994
Mandriva Security Update Fixes perl-CGI Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/2993
Microsoft PowerPoint (CVE-2010-2573) Heap Corruption Vulnerability
http://www.securityfocus.com/bid/44628
Apple QuickTime 'quicktime.qtx' Module Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44790
Apple QuickTime 'QuickTimeMPEG.qtx' Module MPEG Encoded Movie Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44792
Apple QuickTime FlashPix Image File Uninitialized Memory Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44787
Apple QuickTime GIF File LZW Compression Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44785
Apple QuickTime JP2 Image Uninitialized Memory Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44795
Apple QuickTime AVI File Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44796
Apple QuickTime Sorenson 3 Encoded Movie File Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44789
RETIRED: AT-TFTP Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/44711
Allied Telesyn TFTP Daemon Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/11584
Mozilla Firefox SeaMonkey Thunderbird Modal Calls Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/44252
Mozilla Firefox SeaMonkey and Thunderbird 'document.write' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44247
Mozilla Firefox SeaMonkey and Thunderbird 'LookupGetterOrSetter' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44249
OpenSSL TLS Server Extension Parsing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44884
Mozilla Firefox SeaMonkey and Thunderbird 'nsBarProp' Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44248
Mozilla Firefox 3.5/3.6 Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44425
Mozilla Firefox SeaMonkey and Thunderbird 'LD_LIBRARY_PATH' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44251
Mozilla Firefox and Thunderbird CVE-2010-3175 Multiple Memory-Corruption Vulnerabilities
http://www.securityfocus.com/bid/44245
Mozilla Firefox SeaMonkey and Thunderbird CVE-2010-3176 Multiple Memory-Corruption Vulnerabilities
http://www.securityfocus.com/bid/44243
gnome-shell 'LD_LIBRARY_PATH' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44751
Todd Miller Sudo 'sudoedit' Path Resolution Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/39468
DiskPulse Server 'GetServerInfo' Buffer Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/43919
Novell NetWare NFS Portmapper and RPC Module Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/36564
Cisco Unified Videoconferencing Security Bypass Vulnerability
http://www.securityfocus.com/bid/44929
Cisco Unified Videoconferencing FTP Server Security Weakness
http://www.securityfocus.com/bid/44928
Cisco Unified Videoconferencing Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/44927
Cisco Unified Videoconferencing Web Interface Weak Session Cookie Session Hijacking Vulnerability
http://www.securityfocus.com/bid/44926
Cisco Unified Videoconferencing Security Bypass Vulnerability
http://www.securityfocus.com/bid/44925
Cisco Unified Videoconferencing Hardcoded User Credentials Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/44924
Cisco Unified Videoconferencing Password Obfuscation Vulnerability
http://www.securityfocus.com/bid/44923
Cisco Unified Videoconferencing Multiple Remote Command Injection Vulnerabilities
http://www.securityfocus.com/bid/44922
SystemTap 'Staprun' Module Unloading Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/44917
WonderCMS 'page' Parameter Cross Site Scripting And Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/44916
SystemTap 'modprob' Command Environment Variable Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44914
Sitefinity ASP.NET CMS Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/44911
Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness
http://www.securityfocus.com/bid/44908
Hitachi Multiple Collaboration Products Unspecified Denial Of Service Vulnerability
http://www.securityfocus.com/bid/44907
Hitachi Multiple Groupmax Products Unspecified Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44906
SAP NetWeaver SQL Monitor Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/44904
SAP NetWeaver Security Bypass Denial Of Service Vulnerability
http://www.securityfocus.com/bid/44903
The Bug Genie Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/44902
Vtiger CRM Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/44901