PSN-2011-04-222: 2011-04 Routing & Switching: No Scheduled SIRT Security Bulletins for April 2011
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2011-04-222&viewMode=view
US authorities shut down the "Coreflood" botnet, which infected more than 2 million machines
http://itpro.nikkeibp.co.jp/article/NEWS/20110415/359465/?ST=security
JVNTA11-102A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA11-102A/index.html
JVNVU#643615 Vulnerability in libpng
http://jvn.jp/cert/JVNVU643615/index.html
JVNVU#576029 Vulnerability in libpng's handling of compressed ancillary chunks
http://jvn.jp/cert/JVNVU576029/index.html
JVNVU#314158 Updates for vulnerabilities in Apple Mac OS X
http://jvn.jp/cert/JVNVU314158/index.html
JVNVU#658892 Updates for multiple vulnerabilities in Apple Safari
http://jvn.jp/cert/JVNVU658892/index.html
JVNVU#597782 Updates for multiple vulnerabilities in the Apple iOS 4.2 series
http://jvn.jp/cert/JVNVU597782/index.html
JVNVU#805814 Updates for multiple vulnerabilities in the Apple iOS 4.3 series
http://jvn.jp/cert/JVNVU805814/index.html
Microsoft MHTML Stack Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025359
IBM Tivoli Directory Server Bugs Let Remote Users Execute Arbitrary Code and Local Privileged Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1025358
Apple Mac OS X Fraudulent SSL Certificates Information Disclosure
http://www.vupen.com/english/advisories/2011/0985
Apple Safari WebKit Use-after-free and Integer Overflow Vulnerabilities
http://www.vupen.com/english/advisories/2011/0984
Apple iOS Code Execution and Information Disclosure Vulnerabilities
http://www.vupen.com/english/advisories/2011/0983
Invensys Wonderware InBatch BatchField ActiveX Control Stack Overflow
http://www.vupen.com/english/advisories/2011/0982
SAP NetWeaver Multiple Parameter Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/advisories/2011/0981
Microsoft Reader LIT File Processing Multiple Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2011/0980
+ Linux kernel 2.6.38.3 released
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.3
+ Perl 'lc()' and 'uc()' Functions TAINT Mode Protection Security Bypass Weakness
http://www.securityfocus.com/bid/47124
++ Courier-IMAP 2.9.1 released
http://www.courier-mta.org/download.php#imap
- Microsoft Reader Memory Corruption Errors Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025360
RHSA-2011:0447-1: Moderate: krb5 security update
http://rhn.redhat.com/errata/RHSA-2011-0447.html
About Security Update 2011-002
http://support.apple.com/kb/HT4608
About the security content of Safari 5.0.5
http://support.apple.com/kb/HT4596
About the security content of iOS 4.2.7 Software Update for iPhone
http://support.apple.com/kb/HT4607
About the security content of iOS 4.3.2 Software Update
http://support.apple.com/kb/HT4606
Chrome 10.0.648.205 released
http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html
Oracle Critical Patch Update Pre-Release Announcement - April 2011
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
SuSE : [SUSE-SA:2011:016] xorg-x11
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35618
Debian : [DSA-2218-1] vlc: heap-based buffer overflow
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35604
Hewlett-Packard : Certain HP Photosmart Printers, Remote Unauthorized Access, Cross Site Scripting (XSS)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35605
High-Tech Bridge SA : [HTB22925] Path disclosure in Plogger
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35606
High-Tech Bridge SA : [HTB22926] XSS vulnerability in Plogger
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35607
High-Tech Bridge SA : [HTB22927] CSRF (Cross-Site Request Forgery) in Webjaxe
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35608
High-Tech Bridge SA : [HTB22928] Multiple SQL Injections in WebsiteBaker
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35609
High-Tech Bridge SA : [HTB22929] Multiple Path disclosure in WebsiteBaker
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35610
High-Tech Bridge SA : [HTB22930] Multiple XSS in WebCalendar
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35611
Mandriva : [MDVSA-2011:074] qt4
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35603
nSense : [NSENSE-2011-001] VeryPDF pdf2tif
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35613
Red Hat : [RHSA-2011:0429-01] kernel: Important Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35601
Red Hat : [RHSA-2011:0436-01] avahi: Moderate Advisory
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35602
Slackware Linux : [SSA:2011-101-02] kdelibs: Security Update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35598
Slackware Linux : [SSA:2011-098-01] libtiff: Security Update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35599
Slackware Linux : [SSA:2011-096-01] xrdb: Security Update
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35600
DcLabs : [DCA-2011-0010] TOTVS Microsiga Protheus ERP - Memory Corruption
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35619
Luigi Auriemma : Stack overflow in Microsoft HTML Help 6.1 (CHM files)
http://www.criticalwatch.com/support/security-advisories.aspx?AID=35612
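Kaspersky to offer security software for Android, free for the time being
Includes anti-theft and antivirus features; the release date of the paid version is undecided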
http://itpro.nikkeibp.co.jp/article/NEWS/20110414/359461/?ST=security
Apple Security Patches for OS X and iOS
http://isc.sans.edu/diary.html?storyid=10708
Sysinternals updates, a new blog post, and webcast
http://isc.sans.edu/diary.html?storyid=10711
PHP Album Multiple Vulnerabilities
http://secunia.com/advisories/44078/
Sonexis ConferenceManager Script Insertion and SQL Injection Vulnerabilities
http://secunia.com/advisories/44001/
FiberHome HG-110 Router Cross-Site Scripting and File Disclosure Vulnerabilities
http://secunia.com/advisories/44085/
Cacti "drp_action" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/44133/
TinyBB "post" SQL Injection Vulnerability
http://secunia.com/advisories/44165/
Ubuntu update for gimp
http://secunia.com/advisories/44112/
BoltWire "p" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/43421/
Fedora update for perl
http://secunia.com/advisories/44168/
Orbeon Forms Multiple Vulnerabilities
http://secunia.com/advisories/44139/
SAP NetWeaver Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/44187/
CA Total Defense Multiple Vulnerabilities
http://secunia.com/advisories/44097/
phplist: cross site request forgery (CSRF)
http://securityreason.com/securityalert/8199
O2 classic router: persistent cross site scripting (XSS) and cross site request forgery (CSRF)
http://securityreason.com/securityalert/8198
Cisco Security Agent Web Management Interface Bug Lets Remote Users Execute Arbitrary Code
http://securityreason.com/securityalert/8197
libxslt generate-id() Discloses Heap Addresses to Remote Users
http://www.securitytracker.com/id/1025365
Apple Safari Text Node Use-After-Free Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025363
Mac OS X Includes Some Invalid Comodo Certificates
http://www.securitytracker.com/id/1025362
Microsoft Reader Memory Corruption Errors Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1025360
Linux Kernel EFI GUID Partition Table Buffer Overflow Lets Local Users Deny Service
http://www.securitytracker.com/id/1025355
HP Network Node Manager i Lets Local Users Access Files and Input Validation Hole Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1025354
RealNetworks RealPlayer "OpenURLInDefaultBrowser()" Code Execution
http://www.vupen.com/english/advisories/2011/0979
MediaWiki Cross Site Scripting and CSS Image Injection Vulnerabilities
http://www.vupen.com/english/advisories/2011/0978
CA Total Defense Remote Code Execution and SQL Injection Vulnerabilities
http://www.vupen.com/english/advisories/2011/0977
Red Hat Enterprise Virtualization Kernel GRO Denial of Service Vulnerability
http://www.vupen.com/english/advisories/2011/0976
SuSE Security Update Fixes X.Org X11 Command Injection Vulnerability
http://www.vupen.com/english/advisories/2011/0975
LOCAL: SimplyPlay v.66 .pls File Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/17171/
LOCAL: NEdit 5.5 Format String Vulnerability
http://www.exploit-db.com/exploits/17169/
Microsoft Windows 'xxxRealDrawMenuItem()' Function Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42250
RETIRED: Microsoft Windows Kernel 'xxxRealDrawMenuItem()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42497
X.Org xrdb Remote Arbitrary Shell Command Injection Vulnerability
http://www.securityfocus.com/bid/47189
GNOME Display Manager Race Condition Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47063
WebKit Style Handling Memory Corruption Vulnerability
http://www.securityfocus.com/bid/46849
libxml2 'XPATH' Expressions Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45617
MIT Kerberos kadmind Change Password Feature Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47310
WebKit WBR Tags Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46822
Apple Mobile Safari for iOS 4.2.1 Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46832
libxslt 'xsltGenerateIdFunction()' Function Heap Memory Information Disclosure Vulnerability
http://www.securityfocus.com/bid/46818
Winamp '.wlz' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47334
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1240) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47217
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1239) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47216
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1241) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47218
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1242) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47219
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1237) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47214
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1238) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47215
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1233) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47233
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1236) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47213
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1235) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47212
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1234) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47211
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1229) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47229
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1227) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47227
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1230) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47230
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1228) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47228
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1231) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47231
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1232) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47232
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1225) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47225
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0676) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47220
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0677) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47224
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1226) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47226
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0675) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47210
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0674) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47209
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0672) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47207
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0670) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47205
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0666) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47203
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0662) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47194
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0665) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47202
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0671) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47206
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1234) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47234
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-0667) Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47204
Microsoft Internet Explorer JavaScript Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47192
Microsoft Internet Explorer Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/46821
Microsoft Internet Explorer Layout Handling Use After Free Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47190
Microsoft Internet Explorer Frame Tag Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47191
Microsoft Internet Explorer 'ReleaseInterface()' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45639
Perl 'lc()' and 'uc()' Functions TAINT Mode Protection Security Bypass Weakness
http://www.securityfocus.com/bid/47124
Microsoft Windows OpenType Font (OTF) Driver Stack Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47179
Microsoft GDI+ EMF Image Processing Integer Overflow Memory Corruption Vulnerability
http://www.securityfocus.com/bid/47250
Microsoft Windows MHTML Script Code Injection Vulnerability
http://www.securityfocus.com/bid/46055
Microsoft Windows Fax Cover Page Editor Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/45583
7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/46936
Microsoft Excel Data Validation Record Parsing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47256
McAfee Firewall Reporter 'GernalUtilities.pm' Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/47306
HP Network Node Manager i Unspecified Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47162
YUI Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/44420
PDF Extract TIFF 'pdf2tif.dll' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47322
Google Chrome Prior to 10.0.648.205 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/47377
Oracle April 2011 Critical Patch Update Multiple Vulnerabilities
http://www.securityfocus.com/bid/47376
Qianbo Enterprise Web Site Management System 'Keyword' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47375
TimThumb Multiple Denial of Service and Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/47374
EZ-Shop 'specialoffer.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/47373
PhpAlbum.net 'var3' Parameter Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/47369
NEdit Preference File Name Format String Vulnerability
http://www.securityfocus.com/bid/47368
BoltWire 'p' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47364
Cacti 'drp_action' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/47363
Orbeon Forms XML Injection Vulnerability
http://www.securityfocus.com/bid/47362
SAP Netweaver Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/47360
SAP GUI 'saplogon.ini' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47359
EC Software Help & Manual 'ijl15.dll' DLL Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/47349