Notice of system maintenance for the user site / partner site
http://asteria.jp/news/20101203-150000.html
FTC proposes "Do Not Track", an opt-out mechanism for behavioral targeting
http://itpro.nikkeibp.co.jp/article/NEWS/20101203/354837/?ST=security
JVNVU#510208 Vulnerability in allow-query processing in ISC BIND named
http://jvn.jp/cert/JVNVU510208/index.html
JVNDB-2010-002022 Arbitrary code execution vulnerability in the do_anonymous_page function in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002022.html
JVNDB-2010-001300 Denial of service (DoS) vulnerability in net/ipv4/tcp_input.c in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001300.html
JVNDB-2010-001004 Packet filter restriction bypass vulnerability in the e1000 driver in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001004.html
JVNDB-2009-002468 Privilege escalation vulnerability in the ATI Rage 128 driver in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002468.html
JVNDB-2009-002497 Privilege escalation vulnerability in the gdth_read_event function in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002497.html
JVNDB-2010-000054 Access restriction bypass vulnerability in Flash Player
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000054.html
JVNDB-2010-002118 Privilege escalation vulnerability in the compat_alloc_user_space function in the Linux kernel running on 64-bit platforms
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002118.html
JVNDB-2010-002134 Vulnerability allowing sensitive information to be obtained in the network queueing implementation in the Linux kernel
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002134.html
JVNDB-2010-002169 Cross-site scripting vulnerability in the toStaticHTML and SafeHTML functions in multiple Microsoft products
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002169.html
JVNDB-2010-002442 Heap-based buffer overflow vulnerability in xar in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002442.html
JVNDB-2010-002441 Cross-site scripting vulnerability in the Wiki Server in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002441.html
JVNDB-2010-002440 Vulnerability allowing sensitive information to be obtained in Safari RSS in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002440.html
JVNDB-2010-002439 Arbitrary code execution vulnerability in QuickTime in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002439.html
JVNDB-2010-002438 Arbitrary code execution vulnerability in QuickTime in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002438.html
JVNDB-2010-002437 Arbitrary code execution vulnerability in QuickTime in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002437.html
VMware Security Updates VMSA-2010-0018
http://isc.sans.edu/diary.html?storyid=10033
T'is the season to be SPAMMY, trallalalaa la la la laaa
http://isc.sans.edu/diary.html?storyid=10027
AVG Update Bricking windows 7 64 bit
http://isc.sans.edu/diary.html?storyid=10030
Pandora FMS less 3.1 Path Traversal and LFI
http://securityreason.com/securityalert/7926
SiteEngine 5.x Multiple Remote Vulnerabilities
http://securityreason.com/securityalert/7925
Oracle MySQL less 5.1.49 'WITH ROLLUP' Denial Of Service Vulnerability
http://securityreason.com/securityalert/7924
REMOTE: iFTPStorage for iPhone / iPod touch less 1.3 - Directory Traversal
http://www.exploit-db.com/exploits/15664/
+ OpenSSL 0.9.8q, 1.0.0c released
http://www.openssl.org/news/
http://www.openssl.org/source/exp/CHANGES
+ OpenSSL Ciphersuite Downgrade Security Weakness
http://www.openssl.org/news/secadv_20101202.txt
http://www.securityfocus.com/bid/45164
+ OpenSSL J-PAKE Security Bypass Vulnerability
http://www.openssl.org/news/secadv_20101202.txt
http://www.securityfocus.com/bid/45163
+ Linux Kernel Local Address Limit Override Security Weakness
http://www.securityfocus.com/bid/45159
+ ProFTPD Backdoor Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/45150
[ANN] Apache parent 8 Released
http://maven.apache.org/apache-resource-bundles/apache-source-release-assembly-descriptor/
Google Chrome 8.0.552.215 released
http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html
CESA-2010:0919 (php)
http://lwn.net/Alerts/418413/
CESA-2010:0926 (krb5)
http://lwn.net/Alerts/418415/
UPDATE: Cisco Security Response: Cisco IPSec VPN Implementation Group Name Enumeration Vulnerability
http://www.cisco.com/warp/public/707/cisco-sr-20101124-vpn-grpname.shtml
eidelweiss : Digitalus 1.10.0 Alpha2 Arbitrary File Upload vulnerability.txt
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34388
eVuln : [EV0151] Multiple XSS in Alguest
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34390
Hewlett-Packard : HP-UX Code-execution, DoS
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34383
Red Hat : [RHSA-2010:0934-0] acroread: Critical Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34379
Red Hat : [RHSA-2010:0935-01] java-1.4.2-ibm: Moderate Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34380
Red Hat : [RHSA-2010:0936-01] kernel: Important Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34381
Debian : [DSA-2128-1] New libxml2 packages fix potential code execution
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34384
Debian : [DSA-2129-1] New krb5 packages fix checksum verification weakness
http://www.criticalwatch.com/support/security-advisories.aspx?AID=34385
Beware of phishing scams related to "WikiLeaks"
"Only a matter of time before they appear," US security organization warns
http://itpro.nikkeibp.co.jp/article/NEWS/20101202/354823/?ST=security
JPCERT/CC WEEKLY REPORT 2010-12-01
http://www.jpcert.or.jp/wr/2010/wr104601.html
JVNVU#706148 Denial of service (DoS) vulnerability in ISC BIND
http://jvn.jp/cert/JVNVU706148/index.html
JVNVU#510208 Vulnerability in allow-query processing in ISC BIND named
http://jvn.jp/cert/JVNVU510208/index.html
JVNVU#837744 Vulnerability in the ISC BIND named validator
http://jvn.jp/cert/JVNVU837744/index.html
JVNDB-2010-002144 Vulnerability allowing privileges to be gained in the PL/perl and PL/Tcl implementations in PostgreSQL
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002144.html
JVNDB-2010-002141 Buffer overflow vulnerability in the Mac_Read_POST_Resource function in FreeType
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002141.html
JVNDB-2010-002143 Denial of service (DoS) vulnerability in Standard Encoding Accented Character calls in FreeType
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002143.html
JVNDB-2010-002142 Denial of service (DoS) vulnerability in bdf/bdflib.c in FreeType
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002142.html
JVNDB-2010-002089 Vulnerability in Adobe Flash
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002089.html
JVNDB-2010-002436 Integer signedness error vulnerability in QuickTime in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002436.html
JVNDB-2010-002435 Buffer overflow vulnerability in QuickTime in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002435.html
JVNDB-2010-002434 Arbitrary code execution vulnerability in QuickTime in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002434.html
JVNDB-2010-002433 Arbitrary code execution vulnerability in QuickTime in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002433.html
JVNDB-2010-002432 Arbitrary code execution vulnerability in QuickTime in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002432.html
New paper by Amit Klein (Trusteer): "Detecting virtualization over the web with IE9 (platform previe
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00013.html
Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00012.html
NGS00014 Patch Notification: Cisco IPSec VPN Implementation Group Name Enumeration
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-12/msg00011.html
SQL Injection: Wordpress 3.0.2 released
http://isc.sans.edu/diary.html?storyid=10021
ProFTPD distribution servers compromised
http://isc.sans.edu/diary.html?storyid=10024
BIND Bugs Let Remote Users Bypass Access Controls and Deny Service
http://securitytracker.com/alerts/2010/Dec/1024817.html
Apple Directory Services Memory Corruption
http://securityreason.com/securityalert/7923
Digitalus CMS File Upload Security Issue
http://secunia.com/advisories/42442/
Image Viewer CP Pro / Gold ActiveX Control "Image2PDF()" Buffer Overflow
http://secunia.com/advisories/42445/
ProFTPD Compromised Source Packages Backdoor Security Issue
http://secunia.com/advisories/42449/
Novell Sentinel Log Manager Tomcat Vulnerability
http://secunia.com/advisories/42454/
D-Link DIR-615 "tools_admin.php" Security Issue
http://secunia.com/advisories/42439/
ClamAV Multiple Vulnerabilities
http://secunia.com/advisories/42426/
Red Hat JBoss Enterprise Application Platform Three Vulnerabilities
http://secunia.com/advisories/42398/
LittlePhpGallery "repertoire" Local File Inclusion Vulnerability
http://secunia.com/advisories/42444/
Eclime Multiple Vulnerabilities
http://secunia.com/advisories/42424/
Drupal Outline Designer Module Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/42452/
Drupal Comment Edited Module Script Insertion Vulnerability
http://secunia.com/advisories/42450/
Drupal Services Module Security Bypass Vulnerability
http://secunia.com/advisories/42447/
Ubuntu update for bind
http://secunia.com/advisories/42459/
BIND "allow-query" ACL Bypass Vulnerability
http://secunia.com/advisories/42458/
BIND Key Algorithm Rollover Weakness
http://secunia.com/advisories/42435/
BIND RRSIG / ncache Denial of Service Vulnerability
http://secunia.com/advisories/42374/
HP-UX update for OpenSSL
http://secunia.com/advisories/42457/
Fedora update for kernel
http://secunia.com/advisories/42415/
Debian update for libxml2
http://secunia.com/advisories/42429/
Debian update for krb5
http://secunia.com/advisories/42420/
Fedora update for java-1.6.0-openjdk
http://secunia.com/advisories/42417/
Red Hat update for java-1.4.2-ibm
http://secunia.com/advisories/42432/
Red Hat update for kernel
http://secunia.com/advisories/42400/
Red Hat update for acroread
http://secunia.com/advisories/42401/
ProFTPD 1.3.3c compromised source remote root Trojan
http://www.exploit-db.com/exploits/15662/
Image Viewer CP Gold v5.5 Image2PDF() Buffer Overflow (msf)
http://www.exploit-db.com/exploits/15658/
MediaCoder 0.7.5.4795 .m3u Buffer Overflow (SEH)
http://www.exploit-db.com/exploits/15663/
FreeTrim MP3 2.2.3 Denial of Service Vulnerability
http://www.exploit-db.com/exploits/15657/
ProFTPD HELP Command Remote Shell Command Injection Backdoor
http://www.vupen.com/english/advisories/2010/3107
ClamAV Multiple Memory Corruption and Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/3106
HP-UX Security Update Fixes OpenSSL Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2010/3105
WordPress "do_trackbacks()" SQL Injection Information Disclosure Issue
http://www.vupen.com/english/advisories/2010/3104
Ubuntu Security Update Fixes BIND Security Bypass and DoS Issues
http://www.vupen.com/english/advisories/2010/3103
ISC BIND Multiple Security Bypass and Denial of Service Vulnerabilities
http://www.vupen.com/english/advisories/2010/3102
Debian Security Update Fixes krb5 Checksum Handling Vulnerabilities
http://www.vupen.com/english/advisories/2010/3101
Debian Security Update Fixes Libxml2 Memory Corruption Vulnerability
http://www.vupen.com/english/advisories/2010/3100
MediaCoder '.m3u' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/34051
Fedora 'Dracut' Package Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/45046
Cisco VPN Concentrator Groupname Enumeration Weakness
http://www.securityfocus.com/bid/13992
Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/41544
Linux Kernel 'sctp_outq_flush()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/43480
Linux Kernel ALSA 'sound/core/control.c' Local Integer Overflow Vulnerability
http://www.securityfocus.com/bid/43787
Oracle Java SE and Java for Business CVE-2010-3574 Remote Networking Vulnerability
http://www.securityfocus.com/bid/44011
MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40235
OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability
http://www.securityfocus.com/bid/40502
Adobe Acrobat, Reader, and Flash CVE-2010-3654 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44504
Adobe Reader 9.4 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44638
OpenSSL Ciphersuite Downgrade Security Weakness
http://www.securityfocus.com/bid/45164
OpenSSL J-PAKE Security Bypass Vulnerability
http://www.securityfocus.com/bid/45163
FontForge Bitmap Distribution Format (.BDF) Font File Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45162
Contenido CMS Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45160
Linux Kernel Local Address Limit Override Security Weakness
http://www.securityfocus.com/bid/45159
Etomite Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/45158
Image Viewer CP Pro/Gold ActiveX Control 'Image2PDF()' Method Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/45155
Drupal Outline Designer Book Node Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/45154
FreeTrim MP3 '.cda' File Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/45153
Drupal Comment Edited Module Unspecified HTML Injection Vulnerability
http://www.securityfocus.com/bid/45151
ProFTPD Backdoor Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/45150
Drupal Services Module 'node.save' Security Bypass Vulnerability
http://www.securityfocus.com/bid/45149
Annuaire Component for Joomla! 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/45147
Ananda Real Estate 'list.asp' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/45146