Microsoft Security Bulletin Advance Notification for November 2010
http://www.microsoft.com/technet/security/bulletin/ms10-nov.mspx
Microsoft Security Bulletin Advance Notification - November 2010
http://www.microsoft.com/japan/technet/security/bulletin/ms10-nov.mspx
Server Maintenance Notice (November 8, 2010)
http://www.trendmicro.co.jp/support/news.asp?id=1487
EC proposes new privacy protection rules, giving users a "right to be forgotten"
http://itpro.nikkeibp.co.jp/article/NEWS/20101105/353829/?ST=security
Alert regarding a vulnerability in Adobe Flash Player
http://www.jpcert.or.jp/at/2010/at100029.txt
JVNVU#298081 Vulnerability in Adobe Flash
http://jvn.jp/cert/JVNVU298081/index.html
JVNDB-2010-002258 Vulnerability in the Java Web Start component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002258.html
JVNDB-2010-002257 Vulnerability in the Java Web Start component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002257.html
JVNDB-2010-002256 Vulnerability in the Swing component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002256.html
JVNDB-2010-002255 Vulnerability in the Sound component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002255.html
JVNDB-2010-002254 Vulnerability in the Sound component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002254.html
JVNDB-2010-002253 Vulnerability in the New Java Plug-in component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002253.html
JVNDB-2010-002252 Vulnerability in the Java Web Start component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002252.html
JVNDB-2010-002251 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002251.html
JVNDB-2010-002250 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002250.html
JVNDB-2010-002249 Vulnerability in the Deployment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002249.html
JVNDB-2010-000053 Arbitrary code execution vulnerability in the Ichitaro series
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000053.html
JVNDB-2010-000052 Arbitrary code execution vulnerability in the Ichitaro series
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000052.html
JVNDB-2009-002415 Denial-of-service (DoS) vulnerability in the big2_toUtf8 function of Expat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002415.html
JVNDB-2009-002392 Denial-of-service (DoS) vulnerability in libexpat of Expat
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002392.html
JVNDB-2007-001159 Denial-of-service (DoS) vulnerability in bgpd of Quagga
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001159.html
About the Adobe Flash Player vulnerability (APSB10-26)
http://www.ipa.go.jp/security/ciadr/vul/20101105-adobe.html
Announcement of a seminar on "SCAP", the standard specification for automating information security measures
- CVSS Hands-on Edition -
http://www.ipa.go.jp/security/vuln/seminar/lab_semi_scap_2010_2.html
Adobe Shockwave Player Use-After-Free Bug in 'Shockwave Settings' Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Nov/1024682.html
Android 2.0-2.1 Reverse Shell Exploit
http://www.exploit-db.com/exploits/15423/
+ SA42094: Linux Kernel "x25_parse_facilities()" Denial of Service Vulnerability
http://secunia.com/advisories/42094/
http://www.securityfocus.com/bid/44642
+ SA42035: Linux Kernel "ioc_general()" Integer Truncation Vulnerability
http://secunia.com/advisories/42035/
+ SA42097: MySQL Prepared-Statement Mode "EXPLAIN" Denial of Service Vulnerability
http://secunia.com/advisories/42097/
+? Microsoft Windows Embedded OpenType Font Engine Integer Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/43775
+ Linux Kernel 'inet_diag.c' Netlink Message Denial of Service Vulnerability
http://www.securityfocus.com/bid/44665
- Microsoft Security Advisory (2458511): Vulnerability in Internet Explorer could allow remote code execution
http://www.microsoft.com/japan/technet/security/advisory/2458511.mspx
- Linux Kernel Multiple 'kvm/x86.c' Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/44666
- Linux Kernel CAN Protocol Information Disclosure Vulnerability
http://www.securityfocus.com/bid/44661
Google Chrome 7.0.517.44 released
http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html
APSB10-26: Security update available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb10-26.html
UPDATE: APSA10-05: Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa10-05.html
Catalyst-Plugin-PageCache-0.30 released
http://search.cpan.org/~timb/Catalyst-Plugin-PageCache-0.30/
UPDATE: CTX123359: Transport Layer Security Renegotiation Vulnerability
http://support.citrix.com/article/CTX123359
Mandriva : [MDVSA-2010:220] pam - Fix for Multiple Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34162
Red Hat : [RHSA-2010:0824-01] mysql: Moderate Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34159
Red Hat : [RHSA-2010:0825-01] mysql: Multiple Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34160
High-Tech Bridge SA : [HTB22664] XSS vulnerability in MemHT Portal
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34167
High-Tech Bridge SA : [HTB22662] XSS vulnerability in MemHT Portal
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34168
High-Tech Bridge SA : [HTB22650] XSS vulnerability in Kandidat CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34169
High-Tech Bridge SA : [HTB22648] XSS vulnerability in Kandidat CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34170
High-Tech Bridge SA : [HTB22649] XSS vulnerability in Kandidat CMS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34171
High-Tech Bridge SA : [HTB22661] Stored XSS vulnerability in Webmedia Explorer
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34172
High-Tech Bridge SA : [HTB22663] Stored XSS (Cross Site Scripting) vulnerability in MemHT Portal
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34173
Red Hat : [RHSA-2010:0819-01] pam: Multiple Vulnerabilities
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34161
Slackware Linux : [SSA:2010-301-02] mozilla-firefox: Security Update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34157
Slackware Linux : [SSA:2010-265-01] 64-bit kernel: Security Update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34158
SuSE : [SUSE-SA:2010:042] flash-player DoS, Code-execution Fix
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34156
Independent Researcher : Apache Shiro information disclosure vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34163
Onapsis : [ONAPSIS-2010-009] Oracle Virtual Server Agent Remote Command Execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34164
Onapsis : [ONAPSIS-2010-008] Oracle Virtual Server Agent Arbitrary File Access
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34165
Onapsis : [ONAPSIS-2010-010] Oracle Virtual Server Agent Local Privilege Escalation
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34166
Security-Assessment.com : BroadWorks Call Detail Record Disclosure Vulnerability
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34174
Press release
Alert regarding security weaknesses (vulnerabilities) in the "Ichitaro series"
http://www.ipa.go.jp/about/press/20101104_2.html
New vulnerability in "Ichitaro"; merely opening a document may cause harm
Update module released; apply it promptly
http://itpro.nikkeibp.co.jp/article/NEWS/20101104/353822/?ST=security
"Viruses lurk in PDF files too": the Adobe Reader vulnerability being exploited
http://itpro.nikkeibp.co.jp/article/NEWS/20101104/353821/?ST=security
JVN#01948274 Arbitrary code execution vulnerability in the Ichitaro series
http://jvn.jp/jp/JVN01948274/index.html
JVN#19173793 Arbitrary code execution vulnerability in the Ichitaro series
http://jvn.jp/jp/JVN19173793/index.html
[USN-1014-1] Pidgin vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00067.html
[USN-1013-1] FreeType vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00065.html
[USN-1012-1] CUPS vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00066.html
[ MDVSA-2010:220 ] pam
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00063.html
BBcode XSS in eoCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00062.html
LFI in eoCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00061.html
SQL injection in eoCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00059.html
Path disclosure in eoCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00060.html
LFI in eoCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00058.html
XSS in Textpattern CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00057.html
SQL injection in MiniBB
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00056.html
Reset admin password in SweetRice CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00055.html
XSS in SweetRice CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00054.html
Shell create & command execution in JAF CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00052.html
RFI in JAF CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00053.html
SQL injection in SweetRice CMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00051.html
BBcode XSS in MiniBB
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00049.html
Adsoft Remote Sql Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00050.html
Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00048.html
Zen Cart 1.3.9h Local File Inclusion Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-11/msg00047.html
DNSSEC Progress for .com and .net
http://isc.sans.edu/diary.html?storyid=9883
Microsoft Patches Pre-Announcement
http://isc.sans.edu/diary.html?storyid=9886
Microsoft Smart Screen False Positivies
http://isc.sans.edu/diary.html?storyid=9889
Today's Adobe Patches and Vulnerablities
http://isc.sans.edu/diary.html?storyid=9892
eXV2 Content Management System 2.10 Remote XSS Vulnerability
http://securityreason.com/securityalert/7880
Directory Traversal Vulnerability in FTP Voyager
http://securityreason.com/securityalert/7879
4site CMS SQL Injection Vulnerability
http://securityreason.com/securityalert/7878
WSN Links SQL Injection Vulnerability
http://securityreason.com/securityalert/7877
DeluxeBB SQL Injection Vulnerability
http://securityreason.com/securityalert/7876
Secunia ReSonicWALL SSL-VPN End-Point ActiveX Control Buffer Overflow
http://securityreason.com/securityalert/7875
cforms WordPress Plugin Cross Site Scripting Vulnerability
http://securityreason.com/securityalert/7874
Adobe Acrobat Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Nov/1024684.html
Bugzilla Permits Cross-Site Scripting and HTTP Response Splitting Attacks and Discloses Certain Information to Remote Users
http://securitytracker.com/alerts/2010/Nov/1024683.html
Adobe Reader Unspecified Memory Corruption Vulnerability
http://secunia.com/advisories/42095/
GSPlayer Playlist Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/42117/
Textpattern Script Insertion Vulnerability
http://secunia.com/advisories/42100/
eoCMS Multiple Vulnerabilities
http://secunia.com/advisories/42098/
Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/42109/
SweetRice Password Reset Security Issue
http://secunia.com/advisories/42124/
SweetRice Multiple SQL Injection Vulnerabilities
http://secunia.com/advisories/42106/
miniBB "[url]" BBcode Script Insertion Vulnerability
http://secunia.com/advisories/42105/
Avira Premium Security Suite "avipbb.sys" Denial of Service
http://secunia.com/advisories/40927/
Fedora update for luci
http://secunia.com/advisories/42123/
Red Hat Conga "luci" Default Secret Key Security Bypass
http://secunia.com/advisories/42113/
JustSystems Ichitaro Two Document Parsing Vulnerabilities
http://secunia.com/advisories/42099/
Linux Kernel "x25_parse_facilities()" Denial of Service Vulnerability
http://secunia.com/advisories/42094/
Linux Kernel "ioc_general()" Integer Truncation Vulnerability
http://secunia.com/advisories/42035/
Zen Cart "loader_file" Local File Inclusion Vulnerability
http://secunia.com/advisories/42101/
NetSupport Manager Plaintext Header Information Disclosure Vulnerability
http://secunia.com/advisories/42122/
NetSupport Manager Plaintext Header Information Disclosure Vulnerability
http://secunia.com/advisories/42104/
MySQL Prepared-Statement Mode "EXPLAIN" Denial of Service Vulnerability
http://secunia.com/advisories/42097/
Red Hat update for mysql
http://secunia.com/advisories/42102/
Red Hat update for mysql
http://secunia.com/advisories/42121/
Adobe Acrobat and Reader "printSeps()" Heap Corruption Vulnerability
http://www.vupen.com/english/advisories/2010/2890
Google Chrome Memory Corruption and Use-after-free Vulnerabilities
http://www.vupen.com/english/advisories/2010/2889
Apache Shiro Filter Chain Mechanism Information Disclosure Vulnerability
http://www.vupen.com/english/advisories/2010/2888
PayPal Application for iPhone, iPod touch, and iPad Vulnerability
http://www.vupen.com/english/advisories/2010/2887
NetSupport Manager HTTP Protocol Information Disclosure Vulnerability
http://www.vupen.com/english/advisories/2010/2886
JustSystems Ichitaro Document Processing Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/2885
Redhat Security Update Fixes Multiple Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/2884
Fedora Security Update Fixes Qt WebKit Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2010/2883
SuSE Security Update Fixes Code Execution and Security Bypass
http://www.vupen.com/english/advisories/2010/2882
SuSE Security Update Fixes Multiple Local Kernel Vulnerabilities
http://www.vupen.com/english/advisories/2010/2881
Internet Explorer 6, 7, 8 Memory Corruption 0day Exploit
http://www.exploit-db.com/exploits/15421/
GSPlayer 1.83a Win32 Release Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/15417/
Sami HTTP Server 2.0.1 GET Request Denial of Service Exploit
http://www.exploit-db.com/exploits/15422/
Avast! Internet Security aswtdi.sys 0day Local DoS PoC
http://www.exploit-db.com/exploits/15420/
Acrobat Reader v9.4 Memory Corruption Vulnerability
http://www.exploit-db.com/exploits/15419/
Internet Explorer Memory Corruption 0day Vulnerability
http://www.exploit-db.com/exploits/15418/
HtaEdit v 3.2.3.0 (.hta) Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/15411/
Adobe Acrobat, Reader, and Flash CVE-2010-3654 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44504
Microsoft Internet Explorer CSS Tags Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44536
Linux Kernel 'ipc/sem.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/43809
FreeType 'ft_var_readpackedpoints()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44214
Microsoft Windows Embedded OpenType Font Engine Integer Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/43775
FreeType Rendering Engine Position Value Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/43700
CUPS Server 'cups/ipp.c' Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44530
YUI Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/44420
Libpurple MSN Protocol Custom Emoticons Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/40138
Pidgin 'libpurple' Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/44283
PAM 'pam_namespace' Module Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44590
pam-xauth Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42472
Linux-PAM 'pam_env' and 'pam_mail' Modules Multiple Vulnerabilities
http://www.securityfocus.com/bid/43487
Bugzilla Response Splitting and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/44618
Adobe Reader 9.4 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44638
Computer Associates ARCserve Backup Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/24348
Adobe Flash Player APSB10-26 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/44669
miniBB SQL Injection and HTML-injection Vulnerabilities
http://www.securityfocus.com/bid/44668
Linux Kernel Multiple 'kvm/x86.c' Local Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/44666
Linux Kernel 'inet_diag.c' Netlink Message Denial of Service Vulnerability
http://www.securityfocus.com/bid/44665
JAF CMS Multiple Remote File Include and Remote Shell Command Execution Vulnerabilities
http://www.securityfocus.com/bid/44664
TextPattern Comment HTML Injection Vulnerability
http://www.securityfocus.com/bid/44662
Linux Kernel CAN Protocol Information Disclosure Vulnerability
http://www.securityfocus.com/bid/44661
SweetRice Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/44651
Avast! Internet Security 'aswtdi.sys' Driver IOCTL Handling Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/44650
Google Chrome prior to 7.0.517.44 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/44646
FreeType TrueType Font Handling 'ttinterp.c' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44643
Linux Kernel 'x25_parse_facilities()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/44642
eoCMS HTML Injection, Local File Include, and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/44640
JustSystems Ichitaro Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/44637