+ MySQL 5.1.54, 5.5.8 released
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-54.html
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-8.html
+ cURL 7.21.3 released
http://curl.haxx.se/
http://curl.haxx.se/changes.html#7_21_3
+ Multiple Vulnerabilities in Firefox browser
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_firefox_browser
+ Microsoft Remote Access Phonebook Insecure Executable Loading Vulnerability
http://secunia.com/advisories/42527/
? Linux Kernel release: 2.6.35.10
http://www.linux.org/news/2010/12/14/0001.html
Target: Linux kernel 2.6.x (Red Hat 4/5)
? Internet Explorer 8 CSS Parser Exploit
http://www.exploit-db.com/exploits/15746/
? Microsoft Internet Explorer Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00134.html
[ANNOUNCE] Apache Derby 10.7.1.1 released
http://db.apache.org/derby/derby_downloads.html
[ANNOUNCE] Apache Jackrabbit 2.2.0 released
http://jackrabbit.apache.org/downloads.html
[ANNOUNCE] Printed PostgreSQL 9.0 Reference Manuals now available
http://www.network-theory.co.uk/postgresql9/
HPSBMA02545 SSRT100139 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Remote Execution of Arbitrary Code
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02239581
HPSBMA02617 SSRT100338 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Cross Site Scripting (XSS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02655735
HPSBST02620 SSRT100356 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02660754
UPDATE: HPSBUX02451 SSRT090137 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS)
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01835108
UPDATE: HPSBUX02351 SSRT080058 rev.6 - HP-UX Running BIND, Remote DNS Cache Poisoning
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01506861
Mandriva : [MDVSA-2010:252] perl-CGI-Simple
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34505
Mandriva : [MDVSA-2010:253] bind
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34506
SuSE : [SUSE-SA:2010:060] Linux kernel
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34503
Ubuntu Security Notice : [USN-1024-2] OpenJDK regression
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34502
OpenBSD Paradox
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00148.html
[security bulletin] HPSBMA02616 SSRT100231 rev.1 - HP Insight Management Agents Running on Linux
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00150.html
[security bulletin] HPSBMA02615 SSRT100228 rev.1 - HP Insight Diagnostics Online Edition Running
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00151.html
Kryptos Logic Advisory: IBM Tivoli Storage Manager (TSM) Local Root
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00138.html
[security bulletin] HPSBOV02618 SSRT100354 rev.1 - HP OpenVMS Integrity Servers, Local Denial of
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00136.html
[ MDVSA-2010:255 ] php-intl
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00146.html
[ MDVSA-2010:254 ] php
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00145.html
http://www.evuln.com/ : BBCode CSS XSS in slickMsg
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00144.html
http://www.evuln.com/ : "post" - Non-persistent XSS in slickMsg
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00143.html
OpenBSDs IPSEC is Backdoored
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00142.html
[USN-1024-2] OpenJDK regression
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00141.html
iDefense Security Advisory 12.14.10: Microsoft Internet Explorer HTML Object Memory Corruption Vulne
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00139.html
Microsoft Internet Explorer Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00134.html
ASPR #2010-12-14-1: Remote Binary Planting in Windows Address Book
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00135.html
minor browser UI nitpicking
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00133.html
iDefense Security Advisory 12.14.10: Microsoft Internet Explorer CSS Style Table Layout Uninitialize
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00132.html
OSSTMM 3 Now Available!
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00131.html
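40 vulnerabilities in Windows, IE and other products; exploited by zero-day attacks and a vicious virus
A record 17 security bulletins released; apply the patches immediately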
http://itpro.nikkeibp.co.jp/article/NEWS/20101216/355289/?ST=security
IPA opens an official channel on YouTube, streaming videos of the seminars it hosts
http://itpro.nikkeibp.co.jp/article/NEWS/20101215/355276/?ST=security
Alert regarding the December 2010 Microsoft security bulletins (including 2 rated Critical)
http://www.jpcert.or.jp/at/2010/at100033.txt
Alert regarding unauthorized use that can occur when Asterisk is used with improper settings
http://www.jpcert.or.jp/at/2010/at100032.txt
Vulnerability in the PDF distiller of the BlackBerry Attachment Service
http://isc.sans.edu/diary.html?storyid=10084
OpenBSD IPSec "Backdoor"
http://isc.sans.edu/diary.html?storyid=10087
HP StorageWorks P2000 G3 MSA hardcoded user
http://isc.sans.edu/diary.html?storyid=10090
Vulnerability Note VU#647928: Invensys Wonderware InBatch and Foxboro I/A Series Batch database lock manager service (lm_tcp) buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/647928
HP OpenVMS Integrity Servers Lets Local Users Deny Service or Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Dec/1024892.html
BlackBerry Enterprise Server Buffer Overflow in Attachment Service Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Dec/1024891.html
2010-12-15: Metasploit 3.5.1 Released!
http://www.metasploit.com/
http://blog.metasploit.com/2010/12/metasploit-framework-351-released.html
LOCAL: IBM Tivoli Storage Manager (TSM) Local Root
http://www.exploit-db.com/exploits/15745/
DoS: Easy DVD Creator Local Crash PoC
http://www.exploit-db.com/exploits/15739/
DoS: Digital Audio Editor 7.6.0.237 Local Crash PoC
http://www.exploit-db.com/exploits/15738/
TIBCO ActiveMatrix Components JMX Connections Code Execution
http://www.vupen.com/english/advisories/2010/3241
SAP NetWeaver Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/3240
SAP NetWeaver "SapThemeRepository" ActiveX Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3239
phpMyAdmin "phpinfo.php" Missing Authentication Information Disclosure
http://www.vupen.com/english/advisories/2010/3238
BlackBerry Products PDF Distiller Remote Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/3237
F-Secure Products Security Update Fixes Binary Loading Vulnerability
http://www.vupen.com/english/advisories/2010/3236
Citrix Access Gateway Authentication Bypass and Command Injection
http://www.vupen.com/english/advisories/2010/3235
Novell ZENworks Desktop Management Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/3234
Redhat Security Update Fixes HelixPlayer Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/3233
Fedora Security Update Fixes Xfig File Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3232
Mandriva Security Update Fixes BIND DoS and Wrong ACL Vulnerabilities
http://www.vupen.com/english/advisories/2010/3231
Mandriva Security Update Fixes perl-CGI-Simple HTTP Response Splitting
http://www.vupen.com/english/advisories/2010/3230
SuSE Security Update Fixes Kernel Remote and Local Vulnerabilities
http://www.vupen.com/english/advisories/2010/3229
Wonderware InBatch / Foxboro I/A Series "lm_tcp" Buffer Overflow Vulnerability
http://secunia.com/advisories/42528/
F-Secure Products Unspecified Vulnerability
http://secunia.com/advisories/42566/
MantisBT "db_type" Cross-Site Scripting and Local File Inclusion Vulnerabilities
http://secunia.com/advisories/42597/
Microsoft Remote Access Phonebook Insecure Executable Loading Vulnerability
http://secunia.com/advisories/42527/
Fedora update for xfig
http://secunia.com/advisories/42579/
BlogCFC Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/42606/
cPanel Exim Multiple Vulnerabilities
http://secunia.com/advisories/42625/
SAP NetWeaver Business Client "SapThemeRepository" ActiveX Control Buffer Overflow
http://secunia.com/advisories/35796/
IBM Tivoli Storage Manager (TSM) Client Multiple Vulnerabilities
http://secunia.com/advisories/42639/
Citrix Access Gateway Legacy Authentication Command Injection Vulnerability
http://secunia.com/advisories/42638/
PmWiki "from" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/42608/
Mura CMS Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/42595/
TIBCO Products ActiveMatrix Runtime JMX Connections Code Execution Vulnerability
http://secunia.com/advisories/42640/
BlackBerry Enterprise Server PDF Distiller Buffer Overflow Vulnerability
http://secunia.com/advisories/35632/
Red Hat HelixPlayer Multiple Vulnerabilities
http://secunia.com/advisories/42532/