Monday, December 20, 2010

Monday the 20th, Senshō

[ANNOUNCE] Apache MINA 2.0.2 released
http://mina.apache.org/downloads.html

[ANNOUNCE] libmnl 1.0.0 release
http://www.netfilter.org/projects/libmnl/

[ProFTPD-announce] ProFTPD 1.3.4rc1 released!
http://www.proftpd.org/docs/NEWS-1.3.4rc1
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.4rc1

APSB10-30: Security update available for Adobe Photoshop CS5
http://www.adobe.com/support/security/bulletins/apsb10-30.html

Notice regarding business hours over the year-end and New Year holidays
http://www.trendmicro.co.jp/support/news.asp?id=1504

Announcement of the release of Trend Micro Threat Discovery Appliance 2.6 and Trend Micro Threat Mitigator 2.6
http://www.trendmicro.co.jp/support/news.asp?id=1502

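Press release
Publication of the report "FY2010 Survey on Awareness of Information Security Threats"
~About 50% of smartphone users feel anxious about data theft and leakage~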
http://www.ipa.go.jp/about/press/20101220_3.html

Google warns on search results pages about websites suspected of malware infection and the like
http://itpro.nikkeibp.co.jp/article/NEWS/20101220/355394/?ST=security

JVNVU#603928 Buffer overflow vulnerability in Ecava IntegraXor
http://jvn.jp/cert/JVNVU603928/index.html

JVNVU#545319 Updates for multiple vulnerabilities in Apple Time Capsule and AirPort Base Station (802.11n)
http://jvn.jp/cert/JVNVU545319/index.html

JVNDB-2010-001965 Denial-of-service (DoS) vulnerability in Hypervisor instruction emulation
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001965.html

JVNDB-2010-002303 Denial-of-service (DoS) vulnerability in the msn_emoticon_msg function of the Pidgin MSN protocol plugin
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002303.html

JVNDB-2009-001957 X.509 certificate spoofing vulnerability in Mozilla NSS
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001957.html

JVNDB-2009-001151 Denial-of-service (DoS) vulnerability in the OpenSSL ASN1_STRING_print_ex function
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001151.html

JVNDB-2010-002117 Integer overflow vulnerability in the BZ2_decompress function of bzip2 and libbzip2
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002117.html

JVNDB-2010-002104 Stack-based buffer overflow vulnerability in the Samba sid_parse and dom_sid_parse functions
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002104.html

JVNDB-2006-000441 Cross-site scripting vulnerability in the Expect request header of Apache HTTP Server
http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000441.html

JVNDB-2007-001017 Apache HTTP Server does not properly check the HTTP method in 413 error messages
http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001017.html

JVNDB-2010-002527 Denial-of-service (DoS) vulnerability in the io_submit_one function in fs/aio.c of the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002527.html

JVNDB-2010-002526 Data injection vulnerability in PGP Desktop
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002526.html

JVNDB-2010-002525 Heap-based buffer overflow vulnerability in the GSM communication management implementation in Telephony on Apple iOS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002525.html

JVNDB-2010-002524 Vulnerability in Photos on Apple iOS that allows the MobileMe account password to be read
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002524.html

JVNDB-2010-002523 Privilege escalation vulnerability in Networking on Apple iOS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002523.html

JVNDB-2010-002522 Vulnerability in WebKit on Apple iOS that allows Mail's remote image loading setting to be bypassed
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002522.html

JVNDB-2010-002521 Denial-of-service (DoS) vulnerability in XPath expressions in libxml2
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002521.html

JVNDB-2010-002520 Vulnerability in iAd Content Display on Apple iOS that allows phone calls to be placed
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002520.html

JVNDB-2010-002519 Heap-based buffer overflow vulnerability in the Ins_SHZ function in ttinterp.c of FreeType
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002519.html

JVNDB-2010-002518 Profile spoofing vulnerability in Apple iOS
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002518.html

Highlight of Survey Related to Issues Affecting Businesses in 2010
http://isc.sans.edu/diary.html?storyid=10114

LOCAL: Word Splash Pro less= 9.5 Buffer Overflow
http://www.exploit-db.com/exploits/15782/




+ ProFTPD 1.3.3d released!
http://www.proftpd.org/docs/NEWS-1.3.3d
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.3d

- Linux kernel 2.4.37.11 released
http://www.kernel.org/
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.11

- ISC BIND 'allow-query' Zone ACL Security Bypass Vulnerability
http://www.securityfocus.com/bid/45134

- Linux Kernel less 2.6.37-rc2 ACPI custom_method Privilege Escalation
http://www.exploit-db.com/exploits/15774/

FreeBSD Foundation December 2010 Newsletter
http://www.freebsd.org/news/newsflash.html#event20101216:01

Linux Kernel release: 2.4.37.11
http://www.linux.org/news/2010/12/18/0001.html

Postfix 2.8 Snapshot 20101217
http://mirror.postfix.jp/postfix-release/experimental/postfix-2.8-20101217.HISTORY

UPDATE: Microsoft Security Advisory (973811): Extended Protection for Authentication
http://www.microsoft.com/technet/security/advisory/973811.mspx

Embedded Video WordPress Plugin Cross Site Vulnerability (XSS) - CVE-2010-4277
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00189.html

Apple Quicktime Memory Corruption - CVE-2010-3801
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00190.html

[ GLSA 201012-01 ] Chromium: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00184.html

Alt-N WebAdmin Source Code Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00186.html

http://www.evuln.com/ : "link" and "linkdescription" XSS in Social Share
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00185.html

http://www.evuln.com/ : "titl","url" - Non-persistent XSS in Social Share
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00180.html

[ MDVSA-2010:257 ] kernel
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00179.html

[USN-1033-1] Eucalyptus vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00188.html

Runexy releases integrated security gateway software for Windows aimed at small and medium-sized networks
http://itpro.nikkeibp.co.jp/article/NEWS/20101217/355367/?ST=security

IPA publishes analysis report on "new type of attacks" targeting social infrastructure
http://itpro.nikkeibp.co.jp/article/NEWS/20101217/355365/?ST=security

JVNVU#706148 Denial-of-service (DoS) vulnerability in ISC BIND
http://jvn.jp/cert/JVNVU706148/index.html

JVNVU#510208 Vulnerability in allow-query processing in ISC BIND named
http://jvn.jp/cert/JVNVU510208/index.html

JVNVU#837744 Vulnerability in ISC BIND named validator
http://jvn.jp/cert/JVNVU837744/index.html

Intel's new processors have a remote kill switch (Anti-Theft 3.0)
http://isc.sans.edu/diary.html?storyid=10111

Where are the Wi-Fi Driver Vulnerabilities?
http://isc.sans.edu/diary.html?storyid=10105

Reports of Attacks against EXIM vulnerability
http://isc.sans.edu/diary.html?storyid=10093

Microsoft Security Essentials Update
http://isc.sans.edu/diary.html?storyid=10096

Apple Time Capsule and Airport Base Station Updates
http://isc.sans.edu/diary.html?storyid=10099

Opera 11.00 has been released!
http://isc.sans.edu/diary.html?storyid=10102

Vulnerability Note VU#603928: Ecava IntegraXor stack-based buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/603928

Opera Bugs Let Remote Users Obtain Information and Display Misleading Security Information
http://securitytracker.com/alerts/2010/Dec/1024909.html

BlackBerry Desktop Software Weak Password Lets Local Users Decrypt the Backup File
http://securitytracker.com/alerts/2010/Dec/1024908.html

Solar FTP Server FTP Command Processing Denial of Service Vulnerability
http://secunia.com/advisories/42674/

MH Products MHP Downloadshop "ItemID" SQL Injection Vulnerability
http://secunia.com/advisories/42675/

Immo Makler "id" SQL Injection Vulnerability
http://secunia.com/advisories/42676/

MH Products Easy Online Shop "kat" SQL Injection Vulnerability
http://secunia.com/advisories/42680/

SUSE update for java-1_4_2-ibm and IBMJava2-JRE
http://secunia.com/advisories/42681/

Fedora update for mailman
http://secunia.com/advisories/42502/

Fedora update for dhcp
http://secunia.com/advisories/42682/

Ubuntu update for eucalyptus
http://secunia.com/advisories/42666/

Eucalyptus Admin UI Password Reset Vulnerability
http://secunia.com/advisories/42632/

Apple AirPort / Time Capsule Multiple Vulnerabilities
http://secunia.com/advisories/42665/

HP Discovery & Dependency Mapping Inventory Cross-Site Scripting Vulnerability
http://secunia.com/advisories/42637/

HP Power Manager Login Form Buffer Overflow Vulnerability
http://secunia.com/advisories/42644/

IrfanView LuraDocument Format PlugIn Memory Corruption Vulnerability
http://secunia.com/advisories/41439/

Joomla! Lyftenbloggie Component Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/42677/

Slackware update for bind
http://secunia.com/advisories/42671/

IrfanView LuraWave Format PlugIns Multiple Vulnerabilities
http://secunia.com/advisories/41020/

AttacheCase Insecure Executable Loading Vulnerability
http://secunia.com/advisories/42672/

Altarsoft Audio Converter WAV Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/42673/

IBM HTTP Server "apr_brigade_split_line()" Denial of Service Vulnerability
http://secunia.com/advisories/42678/

Astaro update for clam and exim
http://secunia.com/advisories/42679/

Windows Win32k Pointer Dereferencement (MS10-098)
http://securityreason.com/securityalert/7961

LOCAL: Linux Kernel less 2.6.37-rc2 ACPI custom_method Privilege Escalation
http://www.exploit-db.com/exploits/15774/

LOCAL: ESTsoft ALYac Anti-Virus 1.5 less= 5.0.1.2 Privilege Escalation Vulnerability
http://www.exploit-db.com/exploits/15763/

LOCAL: ViRobot Desktop 5.5 and Server 3.5 less=2008.8.1.1 Privilege Escalation Vulnerability
http://www.exploit-db.com/exploits/15764/

LOCAL: NProtect Anti-Virus 2007 less= 2010.5.11.1 Privilege Escalation Vulnerability
http://www.exploit-db.com/exploits/15762/

LOCAL: AhnLab V3 Internet Security 8.0 less= 1.2.0.4 Privilege Escalation Vulnerability
http://www.exploit-db.com/exploits/15761/

DoS: Ecava IntegraXor Remote ActiveX Buffer Overflow PoC
http://www.exploit-db.com/exploits/15767/

DoS: Windows Win32k Pointer Dereferencement PoC (MS10-098)
http://www.exploit-db.com/exploits/15758/

TYPO3 Code Execution and Multiple Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/3268

HP Power Manager Administration Web Server Code Execution Vulnerability
http://www.vupen.com/english/advisories/2010/3267

HP Discovery & Dependency Mapping Inventory Cross Site Scripting
http://www.vupen.com/english/advisories/2010/3266

PCSC-Lite CCID Driver "ReadSerial()" Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3265

PCSC-Lite "ATRDecodeAtr()" ATR Handling Buffer Overflow Vulnerability
http://www.vupen.com/english/advisories/2010/3264

OpenSC Serial Number Caching Multiple Buffer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2010/3263

BlackBerry Desktop Software Device Backups Encryption Weakness
http://www.vupen.com/english/advisories/2010/3262

Apple Time Capsule and AirPort Base Station Multiple Vulnerabilities
http://www.vupen.com/english/advisories/2010/3261

Ubuntu Security Update Fixes Eucalyptus Password Reset Vulnerability
http://www.vupen.com/english/advisories/2010/3260

Eucalyptus Administrative Interface Password Reset Vulnerability
http://www.vupen.com/english/advisories/2010/3259

Mandriva Security Update Fixes Kernel Privilege Escalation and DoS Issues
http://www.vupen.com/english/advisories/2010/3258

Mandriva Security Update Fixes GIT Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/3257

GIT gitweb "gitweb.perl" Multiple Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2010/3256

Slackware Security Update Fixes BIND DoS and Wrong ACL Vulnerabilities
http://www.vupen.com/english/advisories/2010/3255

Linux-PAM 'pam_env' and 'pam_mail' Modules Multiple Vulnerabilities
http://www.securityfocus.com/bid/43487

pam-xauth Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42472

PAM 'pam_namespace' Module Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/44590

RETIRED: Apple Time Capsule and AirPort Base Station Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/45466

Apple QuickTime FlashPix Image (CVE-2010-3801) Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45240

Microsoft Windows CVE-2010-3944 'Win32k.sys' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45298

Oracle Java SE and Java for Business CVE-2010-3553 Remote Swing Vulnerability
http://www.securityfocus.com/bid/44035

Oracle Java SE and Java for Business CVE-2010-3541 Remote Networking Vulnerability
http://www.securityfocus.com/bid/44032

Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
http://www.securityfocus.com/bid/36935

Oracle Java SE and Java for Business CVE-2010-3549 HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/44027

Oracle Java SE and Java for Business CVE-2010-3572 Remote Sound Vulnerability
http://www.securityfocus.com/bid/44030

Oracle Java SE and Java for Business CVE-2010-3568 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/44012

Oracle Java SE and Java for Business 'defaultReadObject' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44016

Oracle Java SE and Java for Business CVE-2010-3557 Remote Swing Vulnerability
http://www.securityfocus.com/bid/44014

Oracle Java SE and Java for Business CVE-2010-3551 Remote Networking Vulnerability
http://www.securityfocus.com/bid/44009

Oracle Java SE and Java for Business CVE-2010-3548 Remote JNDI Vulnerability
http://www.securityfocus.com/bid/44017

Oracle Java SE and Java for Business CVE-2010-3565 JPEGImageWriter.writeImage Vulnerability
http://www.securityfocus.com/bid/43985

Oracle Java SE and Java for Business CVE-2010-3556 Remote 2D Vulnerability
http://www.securityfocus.com/bid/43971

Oracle Java SE and Java for Business CVE-2010-3571 ICC Profile Vulnerability
http://www.securityfocus.com/bid/43965

Oracle Java SE and Java for Business CVE-2010-3562 Remote 2D Vulnerability
http://www.securityfocus.com/bid/43979

ISC BIND Key Algorithm Rollover Security Vulnerability
http://www.securityfocus.com/bid/45137

ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/45133

ISC BIND 'allow-query' Zone ACL Security Bypass Vulnerability
http://www.securityfocus.com/bid/45134

ISC DHCP Server Failover Peer Port Field Denial of Service Vulnerability
http://www.securityfocus.com/bid/45360

OpenSSL Ciphersuite Downgrade Security Weakness
http://www.securityfocus.com/bid/45164

GNU Mailman Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/43187

Apache APR-util 'apr_brigade_split_line' Denial of Service Vulnerability
http://www.securityfocus.com/bid/43673

BLOG:CMS Multiple HTML Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45432

Linux Kernel 'setup_arg_pages()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/44301

Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite Vulnerability
http://www.securityfocus.com/bid/44242

Linux Kernel ALSA 'sound/core/control.c' Local Integer Overflow Vulnerability
http://www.securityfocus.com/bid/43787

Linux Kernel 'do_io_submit()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/43353

Linux Kernel Econet Protocol Multiple Local Vulnerabilities
http://www.securityfocus.com/bid/45072

eSitesBuilder Username Enumeration Weakness
http://www.securityfocus.com/bid/45488

WordPress Embedded Video Plugin 'lembedded-video.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/45486

Social Share Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45485

ESTsoft ALYac 'AYDrvNT.sys' IOCTL Handling Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45484

CubeCart Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/45483

Multiple ViRobot Products 'VRsecos.sys' IOCTL Handling Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45482

Radius Manager Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45481

AhnLab V3 Internet Security 'AhnRec2k.sys' IOCTL Handling Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45479

Softbiz PHP Joke Site Software Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/45478

MH Products Easy Online Shop 'kat' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/45477

Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
http://www.securityfocus.com/bid/45476

MH Products Immo Makler 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/45475

MHP Downloadshop 'view_item.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/45474

D-Link DIR-300 'tools_admin.php' Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/45473

IrfanView Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/45472

AttacheCase DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/45471
