IPA Technical Watch
Report on "New Types of Attacks"
~The emergence of new cyber attack techniques, beginning with Stuxnet~
http://www.ipa.go.jp/about/technicalwatch/20101217.html
JVN#02175694 Vulnerability in AttacheCase related to loading of executable files
http://jvn.jp/jp/JVN02175694/index.html
JVNDB-2010-002439 Arbitrary code execution vulnerability in QuickTime on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002439.html
JVNDB-2010-002438 Arbitrary code execution vulnerability in QuickTime on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002438.html
JVNDB-2010-002437 Arbitrary code execution vulnerability in QuickTime on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002437.html
JVNDB-2010-002436 Integer signedness error vulnerability in QuickTime on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002436.html
JVNDB-2010-002435 Buffer overflow vulnerability in QuickTime on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002435.html
JVNDB-2010-002434 Arbitrary code execution vulnerability in QuickTime on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002434.html
JVNDB-2010-002433 Arbitrary code execution vulnerability in QuickTime on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002433.html
JVNDB-2010-002432 Arbitrary code execution vulnerability in QuickTime on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002432.html
JVNDB-2010-002431 Heap-based buffer overflow vulnerability in QuickTime on Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002431.html
JVNDB-2010-002298 Stack-based buffer overflow vulnerability in the bgp_route_refresh_receive function of bgpd in Quagga
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002298.html
JVNDB-2010-002297 Vulnerability in the Linux kernel network queueing implementation that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002297.html
JVNDB-2010-002296 Integer overflow vulnerability in the do_io_submit function of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002296.html
JVNDB-2010-002118 Privilege escalation vulnerability in the compat_alloc_user_space function of the Linux kernel running on 64-bit platforms
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002118.html
JVNDB-2010-002517 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002517.html
JVNDB-2010-002516 Arbitrary code execution vulnerability in WebKit in Apple Safari and Google Chrome
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002516.html
JVNDB-2010-002515 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002515.html
JVNDB-2010-002514 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002514.html
JVNDB-2010-002513 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002513.html
JVNDB-2010-002512 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002512.html
JVNDB-2010-002511 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002511.html
JVNDB-2010-002510 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002510.html
JVNDB-2010-002509 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002509.html
JVNDB-2010-000066 Vulnerability in AttacheCase related to loading of executable files
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000066.html
BLOG:CMS Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/42656/
BLOG:CMS Multiple Vulnerabilities
http://secunia.com/advisories/42646/
TYPO3 Multiple Vulnerabilities
http://secunia.com/advisories/35770/
Clear iSpot and Clear Clearspot Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/42590/
Apple Time Capsule and AirPort Base Station Bugs Let Remote Users Deny Service or Access Ostensibly Protected Hosts
http://securitytracker.com/alerts/2010/Dec/1024907.html
IBM Tivoli Storage Manager Lets Local Users Gain Elevated Privileges
http://securitytracker.com/alerts/2010/Dec/1024901.html
Linux Kernel 'setup_arg_pages()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/44301
Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite Vulnerability
http://www.securityfocus.com/bid/44242
Linux Kernel ALSA 'sound/core/control.c' Local Integer Overflow Vulnerability
http://www.securityfocus.com/bid/43787
Linux Kernel 'do_io_submit()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/43353
Linux Kernel Econet Protocol Multiple Local Vulnerabilities
http://www.securityfocus.com/bid/45072
+ PostgreSQL 9.0.2, 8.4.6, 8.3.13, 8.2.19, 8.1.23 Update Release
http://www.postgresql.org/docs/9.0/static/release-9-0-2.html
http://www.postgresql.org/docs/8.4/static/release-8-4-6.html
http://www.postgresql.org/docs/8.3/static/release-8-3-13.html
http://www.postgresql.org/docs/8.2/static/release-8-2-19.html
http://www.postgresql.org/docs/9.0/static/release-8-1-23.html
+ ActivePerl 5.8.9.828, 5.10.1.1008, 5.12.2.1203 released
http://docs.activestate.com/activeperl/5.8/changes.html
http://docs.activestate.com/activeperl/5.10/changes.html
http://docs.activestate.com/activeperl/5.12/changes.html
+ GCC 4.5.2 has been released
http://gcc.gnu.org/
http://gcc.gnu.org/gcc-4.5/changes.html
+ Linux kernel 2.6.35.10 released
http://www.kernel.org/
++ PHP 5.2.16 Released
http://www.php.net/archive/2010.php#id-1
http://www.php.net/ChangeLog-5.php#5.2.16
- F-Secure Internet Security DLL Loading Error Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Dec/1024895.html
Comment: Windows version only
UPDATE: MS10-087 - Critical: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
http://www.microsoft.com/japan/technet/security/bulletin/MS10-087.mspx
About the security content of Time Capsule and AirPort Base Station (802.11n) Firmware 7.5.2
http://support.apple.com/kb/HT4298
Chrome 8.0.552.231 for Mac released
http://googlechromereleases.blogspot.com/2010/12/stable-channel-update.html
Opera 11.00 released
http://www.opera.com/docs/changelogs/windows/1100/
BIND 9.8.0a1 released
https://www.isc.org/software/bind/980a1
http://ftp.isc.org/isc/bind9/9.8.0a1/RELEASE-NOTES-BIND-9.8.0a1.html
BIND 9.6.3b1 released
https://www.isc.org/software/bind/963b1
http://ftp.isc.org/isc/bind9/9.6.3b1/RELEASE-NOTES-BIND-9.6.3b1.html
Linux kernel 2.6.37-rc6 released
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.37-rc6
http://www.linux.org/news/2010/12/16/0001.html
Infoteria Support: Notice of year-end and New Year holiday closure (12/29 to 1/3)
http://asteria.jp/news/20101216-160000.html
Notice of the release of virus scan engine VSAPI 9.205
http://www.trendmicro.co.jp/support/news.asp?id=1500
eVuln : [EV0162] BBCode CSS XSS in slickMsg
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34518
eVuln : [EV0161] "post" - Non-persistent XSS in slickMsg
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34519
Hewlett-Packard : HP OpenVMS Integrity Servers, Local Denial of Service (DoS), Gain Privileged Access
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34522
Hewlett-Packard : HP Insight Management Agents Running on Linux and Windows, Remote Full Path Disclosure
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34523
Hewlett-Packard : HP Insight Diagnostics Online Edition Running on Linux and Windows, Remote Cross Site Scripting (XSS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34524
Mandriva : [MDVSA-2010:256] git
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34516
Kryptos Logic : IBM Tivoli Storage Manager (TSM) Local Root
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34520
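Press release
Publication of the report "Survey of Countermeasures against Denial-of-Service Attacks"
~Appropriate knowledge of denial-of-service attack※ techniques, and of the preventive measures and response methods against them, is important~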
http://www.ipa.go.jp/about/press/20101216.html
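"If you connect iPads and Android devices to the corporate LAN, use layered defenses such as digital certificates plus device authentication," says Soliton in a talk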
http://itpro.nikkeibp.co.jp/article/NEWS/20101216/355328/?ST=security
Tokyo Denki University's "RPF Team" wins the student award sponsored by Trend Micro
http://itpro.nikkeibp.co.jp/article/NEWS/20101216/355323/?ST=security
JVN#30273074 Cross-site scripting vulnerability in Internet Explorer
http://jvn.jp/jp/JVN30273074/index.html
JVNVU#624959 Issue that allows the functions of intrusion detection systems (IDS) and intrusion prevention systems (IPS) to be evaded
http://jvn.jp/cert/JVNVU624959/index.html
JVNVU#647928 Buffer overflow vulnerability in the database lock manager service (lm_tcp) of Wonderware InBatch and I/A Series Batch
http://jvn.jp/cert/JVNVU647928/index.html
JVNDB-2010-001526 Arbitrary code execution vulnerability in the Cryptographic Message Syntax (CMS) implementation of OpenSSL
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001526.html
JVNDB-2010-002247 Vulnerability in the 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002247.html
JVNDB-2010-002246 Vulnerability in the 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002246.html
JVNDB-2010-002270 Vulnerability in the Oracle Communications Messaging Server component of Oracle Sun Products Suite
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002270.html
JVNDB-2010-002266 Vulnerability in the JNDI component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002266.html
JVNDB-2010-002260 Vulnerability in the CORBA component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002260.html
JVNDB-2010-002248 Vulnerability in the CORBA component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002248.html
JVNDB-2010-002245 Vulnerability in the 2D component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002245.html
JVNDB-2010-002251 Vulnerability in the Java Runtime Environment component of multiple Oracle products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002251.html
JVNDB-2009-002319 Vulnerability in the SSL and TLS protocols
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002319.html
JVNDB-2010-002508 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002508.html
JVNDB-2010-002507 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002507.html
JVNDB-2010-002506 Arbitrary code execution vulnerability in WebKit in Apple Safari and Google Chrome
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002506.html
JVNDB-2010-002505 Arbitrary code execution vulnerability in WebKit in Apple Safari and Google Chrome
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002505.html
JVNDB-2010-002504 Vulnerability in WebKit in Apple Safari that allows the DNS prefetching setting to be bypassed
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002504.html
JVNDB-2010-002503 Integer overflow vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002503.html
JVNDB-2010-002502 Arbitrary code execution vulnerability in WebKit in Apple Safari
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002502.html
PR10-06: Cross-domain redirect on PGP Universal Web Messenger
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00174.html
[security bulletin] HPSBUX02451 SSRT090137 rev.4 - HP-UX Running BIND, Remote Denial of Serv
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00166.html
[security bulletin] HPSBUX02351 SSRT080058 rev.6 - HP-UX Running BIND, Remote DNS Cache Pois
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00164.html
Call for Paper @ Swiss Cyber Storm 3
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00165.html
[ MDVSA-2010:256 ] git
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00160.html
[security bulletin] HPSBMA02617 SSRT100338 rev.1 - HP Discovery & Dependency Mapping Invento
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00159.html
[security bulletin] HPSBMA02545 SSRT100139 rev.1 - HP Power Manager (HPPM) Running on Linux and
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00156.html
http://www.evuln.com/ : "error" Non-persistent XSS in slickMsg
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00162.html
VUPEN Security Research - Microsoft Internet Explorer Animation Use-after-free Vulnerabi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00154.html
VUPEN Security Research - Microsoft Office Publisher "pubconv.dll" Array Indexing Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00163.html
VUPEN Security Research - Microsoft Office Publisher Record Array Indexing Vulnerability (VUPEN&
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00158.html
VUPEN Security Research - Microsoft Office Publisher Size Value Heap Corruption Vulnerability (V
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00155.html
VUPEN Security Research - Microsoft Office Publisher Memory Corruption Vulnerability (VUPEN-
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00152.html
[security bulletin] HPSBST02620 SSRT100356 rev.1 - HP StorageWorks Modular Smart Array P2000 G3,
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00161.html
Openwall GNU/*/Linux 3.0 is out, marks 10 years of the project
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00157.html
Microsoft Office HtmlDlgHelper class memory corruption vulnerability
http://www.securiteam.com/windowsntfocus/6H0361F0KK.html
LibSMI smiGetNode Buffer Overflow Vulnerability
http://www.securiteam.com/securitynews/6I0371F0KI.html
HP Insight Managed System Setup Wizard for Windows Arbitrary File Download Vulnerability
http://www.securiteam.com/windowsntfocus/6J0381F0KG.html
HP Insight Orchestration Software for Windows Arbitrary File Download and Unauthorized Access Vulnerabilities
http://www.securiteam.com/windowsntfocus/6T03B1F0KO.html
HP Insight Managed System Setup Wizard for Windows Arbitrary File Download Vulnerability
http://www.securiteam.com/windowsntfocus/6K0391F0KE.html
HP Insight Recovery for Windows Cross Site Scripting and Arbitrary File Download Vulnerabilities
http://www.securiteam.com/windowsntfocus/6S03A1F0KM.html
Microsoft Office Excel Out-of-Bounds Memory Write Vulnerability
http://www.securiteam.com/windowsntfocus/6V03D1F0KS.html
HP Insight Control for Linux Cross Site Request Forgery Vulnerability
http://www.securiteam.com/unixfocus/6U03C1F0KQ.html
dotnetnuke 5.06.00 XSS
http://securityreason.com/securityalert/7960
GIT gitweb Input Validation Flaw Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Dec/1024905.html
HP StorageWorks Modular Smart Array Default Administrative Password Lets Remote Users Gain Administrative Access
http://securitytracker.com/alerts/2010/Dec/1024904.html
HP Discovery & Dependency Mapping Inventory (DDMI) Input Validation Flaw Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Dec/1024903.html
HP Power Manager Unspecified Flaw Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Dec/1024902.html
Symantec Endpoint Protection Validation Flaw in 'fw_charts.php' Lets Remote Users Overwrite Files and Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Dec/1024900.html
HP Insight Management Agents Discloses Full Path to Remote Users
http://securitytracker.com/alerts/2010/Dec/1024898.html
HP Insight Diagnostics Online Edition Input Validation Hole Permits Cross-Site Scripting Attacks
http://securitytracker.com/alerts/2010/Dec/1024897.html
F-Secure Internet Security DLL Loading Error Lets Remote Users Execute Arbitrary Code
http://securitytracker.com/alerts/2010/Dec/1024895.html
TIBCO ActiveMatrix JMX Connection Processing Flaw Lets Remote Users Execute Arbitrary Code, Deny Service, and Obtain Potentially Sensitive Information
http://securitytracker.com/alerts/2010/Dec/1024894.html
Citrix Access Gateway Flaw in Legacy NT Authentication Component Lets Remote Users Inject Commands
http://securitytracker.com/alerts/2010/Dec/1024893.html
Opera Multiple Vulnerabilities
http://secunia.com/advisories/42653/
Joomla! JRadio Component "controller" Local File Inclusion Vulnerability
http://secunia.com/advisories/42600/
ManageEngine EventLog Analyzer Multiple Vulnerabilities
http://secunia.com/advisories/42516/
GIT "gitweb" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/42645/
Symantec Endpoint Protection Manager "fw_charts.php" Code Execution Vulnerability
http://secunia.com/advisories/42643/
BEdita Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/42647/
PCSC-Lite "ATRDecodeAtr()" Buffer Overflow Vulnerability
http://secunia.com/advisories/42659/
Pointter PHP Content Management System Authentication Security Bypass
http://secunia.com/advisories/42662/
Pointter PHP Micro-Blogging Social Network Authentication Security Bypass
http://secunia.com/advisories/42634/
phpMyFAQ Compromised Source Packages Backdoor Security Issue
http://secunia.com/advisories/42622/
Anwiki Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/42663/
Anwiki Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/42594/
Drupal Views Module Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/42651/
Aesop GIF Creator Aesop Project File Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/42660/
OpenSC Serial Number Processing Buffer Overflow Vulnerabilities
http://secunia.com/advisories/42658/
Oracle Solaris Firefox Multiple Vulnerabilities
http://secunia.com/advisories/42652/
OpenVMS Integrity Servers Privilege Escalation Vulnerability
http://secunia.com/advisories/42610/
HP Insight Management Agents Path Disclosure Weakness
http://secunia.com/advisories/42603/
BlackBerry Desktop Software Backup File Brute Force Weakness
http://secunia.com/advisories/42661/
BlackBerry Desktop Software Backup File Brute Force Weakness
http://secunia.com/advisories/42657/
Drupal For Firebug Module Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/42654/
HP StorageWorks Modular Smart Array P2000 Undocumented Account Security Issue
http://secunia.com/advisories/42583/
Red Hat update for java-1.6.0-ibm
http://secunia.com/advisories/42642/
HP Insight Diagnostics Online Edition Cross-Site Scripting Vulnerability
http://secunia.com/advisories/42601/
LOCAL: Altarsoft Audio Converter 1.1 Buffer Overflow Exploit (SEH)
http://www.exploit-db.com/exploits/15751/
LOCAL: Aesop GIF Creator <= v2.1 (.aep) Buffer Overflow Exploit
http://www.exploit-db.com/exploits/15747/
DoS: SolarFTP 2.0 Multiple Commands Denial of Service Vulnerability
http://www.exploit-db.com/exploits/15750/
phpMyFAQ "getTopTen()" Function Remote PHP Code Injection Backdoor
http://www.vupen.com/english/advisories/2010/3254
Opera Browser Multiple Code Execution and Security Bypass Vulnerabilities
http://www.vupen.com/english/advisories/2010/3253
Symantec Endpoint Protection "fw_charts.php" File Overwrite Vulnerability
http://www.vupen.com/english/advisories/2010/3252
IBM Tivoli Storage Manager Client Code Execution and Unauthorized Access
http://www.vupen.com/english/advisories/2010/3251
HP StorageWorks P2000 G3 MSA Default Hidden Administrative Account
http://www.vupen.com/english/advisories/2010/3250
HP Insight Diagnostics Online Edition Cross Site Scripting Vulnerability
http://www.vupen.com/english/advisories/2010/3249
HP Insight Management Agents Remote Full Path Disclosure Vulnerability
http://www.vupen.com/english/advisories/2010/3248
HP OpenVMS Integrity Servers Privilege Escalation and DoS Vulnerability
http://www.vupen.com/english/advisories/2010/3247
cPanel Security Update Fixes Exim Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3246
Oracle Solaris Security Update Fixes Firefox Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/3245
Invensys Wonderware InBatch and Foxboro I/A Series Batch Buffer Overflow
http://www.vupen.com/english/advisories/2010/3244
Redhat Security Update Fixes Java Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2010/3243
Mandriva Security Update Fixes PHP Security Bypass and DoS Issues
http://www.vupen.com/english/advisories/2010/3242
RETIRED: Real Networks RealPlayer Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/45327
IPsec-Tools Prior to 0.7.2 Multiple Remote Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/34765
Net-SNMP GETBULK Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/32020
Microsoft Windows Media Encoder 9 DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/42855
Microsoft Windows 'Win32k.sys' Cursor Linking Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45289
Microsoft Windows CVE-2010-3941 'Win32k.sys' Double Free Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45287
Microsoft Windows CVE-2010-3944 'Win32k.sys' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45298
Microsoft Windows CVE-2010-3942 'Win32k.sys' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45288
Microsoft Windows Kernel 'CreateDIBPalette()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42291
Microsoft Windows 'Win32k.sys' Double Free Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45286
Microsoft Windows OpenType Font (OTF) Driver Invalid Array Index Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45311
Microsoft Windows OpenType Font (OTF) Driver CMAP Table Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45316
Microsoft Windows OpenType Font (OTF) Driver Double-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45315
Microsoft Internet Explorer Uninitialized HTML Element CVE-2010-3346 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45261
Microsoft Internet Explorer Uninitialized Object CVE-2010-3340 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45255
Microsoft Internet Explorer Uninitialized Object CVE-2010-3343 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45259
Microsoft Internet Explorer CSS Tags Uninitialized Memory Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44536
Microsoft Internet Explorer Select HTML Element Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45260
Microsoft Internet Explorer CVE-2010-3348 Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45263
Microsoft Internet Explorer CVE-2010-3342 Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45256
Microsoft Windows Kernel Task Scheduler Service Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44357
Microsoft Internet Connection Wizard DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/42713
Microsoft Windows Address Book 'wab32res.dll' DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/42648
Microsoft Windows Kernel NDProxy Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45269
Microsoft Windows Consent User Interface Registry Key Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45318
ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
http://www.securityfocus.com/bid/35848
Oracle Java SE and Java for Business CVE-2010-3572 Remote Sound Vulnerability
http://www.securityfocus.com/bid/44030
Oracle Java SE and Java for Business CVE-2010-3549 HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/44027
Oracle Java SE and Java for Business CVE-2010-3553 Remote Swing Vulnerability
http://www.securityfocus.com/bid/44035
Oracle Java SE and Java for Business CVE-2010-3541 Remote Networking Vulnerability
http://www.securityfocus.com/bid/44032
Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935
Oracle Java SE and Java for Business CVE-2010-3548 Remote JNDI Vulnerability
http://www.securityfocus.com/bid/44017
Oracle Java SE and Java for Business CVE-2010-3568 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/44012
Oracle Java SE and Java for Business CVE-2010-3557 Remote Swing Vulnerability
http://www.securityfocus.com/bid/44014
Oracle Java SE and Java for Business CVE-2010-3551 Remote Networking Vulnerability
http://www.securityfocus.com/bid/44009
Oracle Java SE and Java for Business 'defaultReadObject' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44016
Oracle Java SE and Java for Business CVE-2010-3565 JPEGImageWriter.writeImage Vulnerability
http://www.securityfocus.com/bid/43985
Oracle Java SE and Java for Business CVE-2010-3556 Remote 2D Vulnerability
http://www.securityfocus.com/bid/43971
Oracle Java SE and Java for Business CVE-2010-3571 ICC Profile Vulnerability
http://www.securityfocus.com/bid/43965
Oracle Java SE and Java for Business CVE-2010-3562 Remote 2D Vulnerability
http://www.securityfocus.com/bid/43979
IBM Tivoli Storage Manager Client Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/45401
HP StorageWorks Hidden Admin User Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/45386
Microsoft Publisher 'pubconv.dll' Array Index Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45280
Microsoft Publisher Array Index Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45282
Microsoft Publisher Size Value Heap Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45277
Microsoft Publisher (CVE-2010-3954) Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45281
Oracle Java SE and Java for Business CVE-2010-3574 Remote Networking Vulnerability
http://www.securityfocus.com/bid/44011
Oracle Java SE and Java for Business CVE-2010-3558 Remote Java Web Start Vulnerability
http://www.securityfocus.com/bid/44021
Oracle Java SE and Java for Business CVE-2010-3560 Remote Networking Vulnerability
http://www.securityfocus.com/bid/44024
Oracle Java SE and Java for Business CVE-2010-3563 BasicServiceImpl Vulnerability
http://www.securityfocus.com/bid/43999
Oracle Java SE and Java for Business CVE-2010-3566 ICC Profile Vulnerability
http://www.securityfocus.com/bid/43988
Oracle Java SE and Java for Business CVE-2010-3573 Same Origin Bypass Vulnerability
http://www.securityfocus.com/bid/44028
MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40235
Oracle Java SE and Java for Business CVE-2010-3555 Remote ActiveX Plug-in Vulnerability
http://www.securityfocus.com/bid/44038
Oracle Java SE and Java for Business CVE-2010-3550 Remote Java Web Start Vulnerability
http://www.securityfocus.com/bid/44040
Eucalyptus Administrator Password Reset Security Bypass Vulnerability
http://www.securityfocus.com/bid/45462
Opera Web Browser Prior to 11.00 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/45461
SolarFTP Multiple Commands Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/45460
Altarsoft Audio Converter File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45456
BEdita 'admin_controller.php' Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/45454
slickMsg 'error' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/45447
phpMyFAQ Backdoor Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/45442
Anwiki 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/45441
Joomla! JRadio Component 'controller' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/45440
DorsaCMS 'ShowPage.aspx' SQL Injection Vulnerability
http://www.securityfocus.com/bid/45430