Monday, October 31, 2011

31st, Monday, Tomobiki


JVN#56667137 Cross-site request forgery vulnerability in multiple SKYARC System products
http://jvn.jp/jp/JVN56667137/index.html

JVN#41032068 Improper access restriction vulnerability in multiple SKYARC System products
http://jvn.jp/jp/JVN41032068/index.html

REMOTE: BroadWin WebAccess SCADA/HMI Client Remote Code Execution
http://www.exploit-db.com/exploits/18051

DoS/PoC: Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC
http://www.exploit-db.com/exploits/18052

DoS/PoC: Microsys PROMOTIC 8.1.4 ActiveX GetPromoticSite Unitialized Pointer
http://www.exploit-db.com/exploits/18049




+ Linux Kernel Network Bridge NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/50417

[ANNOUNCEMENT] Apache Commons Digester 3.1 released!
http://commons.apache.org/digester/download_digester.cgi

[courier-announce] Courier and courier-imap builds 20111028
http://www.courier-mta.org/download.php

UPDATE: HPSBUX02715 SSRT100623 rev.3 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03057703%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

Benetl, a free ETL tool for postgreSQL, is out in version 3.8
http://www.postgresql.org/about/news.1361

PostgreSQL Data Sync released
http://www.postgresql.org/about/news.1360

LedgerSMB 1.3.0 Released
http://www.postgresql.org/about/news.1359

Debian : [DSA-2329-1] torque - Buffer Overflow Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37003

Hewlett-Packard : [HPSBMU02714 SSRT100244] - HP - Network Node Manager i - Information Disclosure Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36996

High-Tech Bridge SA : [HTB23052] SPIP - Path Disclosure Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37002

Red Hat : [RHSA-2011:1402-01] FreeType - Denial-Of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37004

Red Hat : [RHSA-2011:1409-01] OpenSSL - Security Bypass Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37005

Ubuntu Security Notice : [USN-1238-2] Puppet - Man-In-The-Middle Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37006

Ubuntu Security Notice : [USN-1247-1] Nova - Information Disclosure Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37007

Ubuntu Security Notice : [USN-1248-1] KDE-Libs - Spoofing Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37008

VMware : [VMSA-2011-0013] Multiple Products - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37009

ZDI : [ZDI-11-311] Apple - QuickTime - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37010

ZDI : [ZDI-11-312] Apple - QuickTime - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37011

ZDI : [ZDI-11-313] Apple - QuickTime - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37012

ZDI : [ZDI-11-314] Apple - QuickTime - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37013

ZDI : [ZDI-11-315] Apple - QuickTime - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37014

ZDI : [ZDI-11-316] Apple - QuickTime - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37015

Cisco : [cisco-sa-20111026-webex] Cisco - WebEx Player - Multiple Buffer Overflow Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36997

Cisco : [cisco-sa-20111026-csa] Cisco - Security Agent - Multiple Code Execution Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36998

Cisco : [cisco-sa-20111026-cucm] Cisco - Unified Communications Manager - Directory Traversal Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36999

Cisco : [cisco-sa-20111026-uccx] Cisco - Unified Contact Center Express - Directory Traversal Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37000

Cisco : [cisco-sa-20111026-camera] Cisco - Video Surveillance IP Cameras - Denial-Of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37001

Gentoo Linux : [GLSA 201110-24] Squid - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36982

Gentoo Linux : [GLSA 201110-25] Pure-FTPd - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36983

Gentoo Linux : [GLSA 201110-26] libxml2 - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36984

Hewlett-Packard : [HPSBUX02700 SSRT100506] HP-UX - VEA - Denial-Of-Service and Code Execution Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36972

Ubuntu Security Notice : [USN-1238-1] Puppet - Man-In-The-Middle Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36974

Ubuntu Security Notice : [USN-1239-1] Linux kernel - EC2 - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36975

Ubuntu Security Notice : [USN-1240-1] Linux kernel - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36976

Ubuntu Security Notice : [USN-1241-1] Linux Kernel - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36977

Ubuntu Security Notice : [USN-1242-1] Linux Kernel - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36978

Ubuntu Security Notice : [USN-1243-1] Linux Kernel - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36979

Ubuntu Security Notice : [USN-1245-1] Linux Kernel - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36980

ZDI : [ZDI-11-308] Cisco - WebEx Player - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36985

ZDI : [ZDI-11-309] Novell - iPrint Client - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36986

ZDI : [ZDI-11-310] Adobe - Reader - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36987

ZDI : [ZDI-11-296] Adobe - Reader - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36988

ZDI : [ZDI-11-297] Adobe - Reader - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36989

ZDI : [ZDI-11-298] Adobe - Reader - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36990

ZDI : [ZDI-11-299] Adobe - Reader - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36991

ZDI : [ZDI-11-300] Adobe - Reader - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36992

ZDI : [ZDI-11-301] Adobe - Reader - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36993

ZDI : [ZDI-11-302] Adobe - Reader - Buffer Overflow and Code Execution Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36994

Cisco : Cisco Nexus OS (NX-OS) - Command Injection Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36968

Gentoo Linux : [GLSA 201110-22] PostgreSQL - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36995

Gentoo Linux : [GLSA 201110-23] Apache - mod_authnz_external - SQL Injection Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36995

Independent Researcher : zFtp Server - Denial-Of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36981

Mandriva : [MDVSA-2011:161] postgresql - Weak Encrypted Password Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36964

Red Hat : [RHSA-2011:1401-01] xen - Denial-Of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36963

Ubuntu Security Notice : [USN-1237-1] PAM - Multiple Denial-Of-Service Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36962

Debian : [DSA-2326-1] PAM - Code Execution Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36966

Debian : [DSA-2327-1] libfcgi-perl - Authentication Bypass Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36970

Debian : [DSA 2328-1] Freetype - Denial-Of-Service and Code Execution Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36973

Gentoo Linux : [GLSA 201110-21] Asterisk - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36971

Independent Researcher : [TC-SA-2011-01] OmniTouch - Instant Communication Suite - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36965

Debian : [DSA-2325-1] kfreebsd-8 - Buffer Overflow Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=36967

[SECURITY] [DSA 2323-1] radvd security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00205.html

[SECURITY] [DSA 2331-1] tor security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00206.html

[PT-2011-30] Disclosure of sensitive information in D-Link DIR-300 Router
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00204.html

[PT-2011-29] Arbitrary file reading and arbitrary code execution in Router Manager for D-
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00203.html

[PT-2011-21] SQL injection vulnerability in OneOrZero AIMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00202.html

[PT-2011-20] Authorization bypass vulnerability in OneOrZero AIMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00201.html

VMSA-2011-0013 VMware third party component updates for VMware vCenter Server, vCenter Updat
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00199.html

[security bulletin] HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers (SRP), Local Unauthorize
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00198.html

[security bulletin] HPSBUX02719 SSRT100658 rev.1 - HP-UX Running BIND, Remote Denial of Serv
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00197.html

ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00196.html

ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00195.html

ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00194.html

ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulner
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00192.html

ZDI-11-312 : Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vu
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00193.html

ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00191.html

[SECURITY] [DSA 2330-1] simplesamlphp security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00190.html

eFront <= 3.6.10 (build 11944) Multiple Security Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00207.html

[SECURITY] [DSA 2329-1] torque security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00174.html

foofus.net security advisory - Toshiba eStudio Multifunction Printer Information Leakage
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00189.html

APPLE-SA-2011-10-26-1 QuickTime 7.7.1
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00188.html

[ GLSA 201110-26 ] libxml2: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00187.html

[ GLSA 201110-25 ] Pure-FTPd: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00186.html

[ GLSA 201110-24 ] Squid: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00185.html

DDIVRT-2011-35 Cisco Unified Contact Center Express Directory Traversal [CVE-2011-33
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00184.html

ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerab
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00183.html

ZDI-11-309 : Novell iPrint Client nipplib.dll GetDriverSettings Remote Code Execution Vulner
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00182.html

ZDI-11-308 : Cisco WebEx Player ATAS32.DLL linesProcessed Remote Code Execution Vulnerabilit
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00181.html

ZDI-11-307 : Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vu
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00180.html

ZDI-11-306 : Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerabi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00178.html

ZDI-11-305 : Oracle Java Applet Rhino Script Engine Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00179.html

ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulner
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00177.html

ZDI-11-303 : Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00176.html

SANS AppSec 2012 CFP is Open
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00175.html

JVN#72640744 Buffer overflow vulnerability in multiple D-Link products
http://jvn.jp/jp/JVN72640744/index.html

JVNVU#402731 SQL injection vulnerability in Enspire eClient
http://jvn.jp/cert/JVNVU402731/index.html

Press release
Security alert on a security weakness (vulnerability) in multiple D-Link products
http://www.ipa.go.jp/about/press/20111028.html

The Sub Critical Control? Evidence Collection
http://isc.sans.edu/diary.html?storyid=11914

IBM Lotus Sametime Configuration Servlet Lets Remote Users Obtain Configuration Data
http://www.securitytracker.com/id/1026255

Cisco NX-OS Command Validation Flaw Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1026254

HP Power Manager 'formExportDataLogs' Buffer Overflow
http://securityreason.com/securityalert/8482

Apple Safari Webkit libxslt Arbitrary File Creation
http://securityreason.com/securityalert/8481

Ubuntu update for backuppc
http://secunia.com/advisories/46621/

VMware vCenter Products JRE Multiple Vulnerabilities
http://secunia.com/advisories/46651/

HP-UX update for BIND
http://secunia.com/advisories/46633/

VMware ESX Server Multiple Vulnerabilities
http://secunia.com/advisories/46529/

Enspire eClient Unspecified SQL Injection Vulnerability
http://secunia.com/advisories/46638/

Tor TLS Certificate Reuse User De-Anonymisation Security Issue
http://secunia.com/advisories/46634/

VMware ESXi Server "sblim-sfcb" Integer Overflow Vulnerability
http://secunia.com/advisories/46650/

Gentoo update for libxml2
http://secunia.com/advisories/46601/

BackupPC "num" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/46615/

Cisco NX-OS / Unified Computing System "section" and "less" Privilege Escalation Vulnerabilities
http://secunia.com/advisories/46569/

D-Link Products SSH Server Buffer Overflow Vulnerability
http://secunia.com/advisories/46637/

FFFTP Insecure Executable Loading Vulnerability
http://secunia.com/advisories/46649/

IBM Lotus Sametime Configuration Servlet Authentication Security Issue
http://secunia.com/advisories/46647/

SUSE update for kernel
http://secunia.com/advisories/46608/

HP-UX BIND Requests Processing Remote Denial of Service Vulnerability
http://www.vupen.com/english/ADV-2011-2244.php

Tor Security Update Fixes Multiple Information Disclosure Vulnerabilities
http://www.vupen.com/english/ADV-2011-2243.php

IBM DB2 for Linux, UNIX and Windows "STMM" Security Vulnerability
http://www.vupen.com/english/ADV-2011-2242.php

IBM Lotus Sametime Configuration Servlet Remote Information Disclosure
http://www.vupen.com/english/ADV-2011-2241.php

VMware Products Code Execution and Denial of Service Vulnerabilities
http://www.vupen.com/english/ADV-2011-2240.php

Enspire eClient Data Processing Remote SQL Injection Vulnerability
http://www.vupen.com/english/ADV-2011-2239.php

Winamp Data Processing Multiple Heap and Integer Overflow Vulnerabilities
http://www.vupen.com/english/ADV-2011-2238.php

LOCAL: Xorg 1.4 to 1.11.2 File Permission Change PoC
http://www.exploit-db.com/exploits/18040

LOCAL: GTA SA-MP server.cfg Buffer Overflow
http://www.exploit-db.com/exploits/18038

DoS/PoC: GFI Faxmaker - Fax Viewer v10.0[build 237] DoS (Poc).
http://www.exploit-db.com/exploits/18043

Oracle Solaris CVE-2011-2311 ZFS Component Local Vulnerability
http://www.securityfocus.com/bid/50266

Oracle Solaris CVE-2011-2312 'ZFS' Sub Component Local Vulnerability
http://www.securityfocus.com/bid/50269

Oracle Sun Products Suite CVE-2011-3536 Local Vulnerability
http://www.securityfocus.com/bid/50262

Oracle Sun Products Suite CVE-2011-2286 Remote Vulnerability
http://www.securityfocus.com/bid/50265

Oracle Solaris CVE-2011-2304 Remote Vulnerability
http://www.securityfocus.com/bid/50257

Oracle Solaris CVE-2011-2313 Local Solaris Vulnerability
http://www.securityfocus.com/bid/50254

Oracle Sun Solaris CVE-2011-3508 Remote Vulnerability
http://www.securityfocus.com/bid/50201

Oracle Sun Solaris CVE-2011-3515 Local Vulnerability
http://www.securityfocus.com/bid/50235

Oracle Sun Product Suite CVE-2011-3537 Local Vulnerability
http://www.securityfocus.com/bid/50259

Oracle Sun Solaris CVE-2011-3535 Remote Vulnerability
http://www.securityfocus.com/bid/50255

Oracle Sun Solaris CVE-2011-3534 Remote Vulnerability
http://www.securityfocus.com/bid/50251

RETIRED: Linux Kernel kexec-tools Multiple Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/49944

Linux Kernel CVE-2011-3589 kexec-tools 'mkdumprd' Utility Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50415

Empathy 'nickname' Field Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50323

Oracle Java SE and Java for Business CVE-2010-3541 Remote Networking Vulnerability
http://www.securityfocus.com/bid/44032

Oracle Java SE and Java for Business CVE-2010-4469 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46400

Cisco Nexus OS 'section' and 'less' Local Command Injection Vulnerabilities
http://www.securityfocus.com/bid/50347

Oracle Java SE and Java for Business NTLM Credentials Information Disclosure Vulnerability
http://www.securityfocus.com/bid/46411

Oracle Java SE and Java for Business Java Runtime Environment CVE-2010-4454 Remote Vulnerability
http://www.securityfocus.com/bid/46391

Oracle Java SE and Java for Business CVE-2011-0871 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48142

Oracle Java SE and Java for Business CVE-2011-0802 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/48149

Oracle Java SE and Java for Business CVE-2011-0864 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48139

Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/47820

Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/47929

Oracle Java SE and Java for Business CVE-2010-3574 Remote Networking Vulnerability
http://www.securityfocus.com/bid/44011

Microsoft Windows Local DNS Cache Poisoning Vulnerabilities
http://www.securityfocus.com/bid/50281

radvd Multiple Local and Remote Vulnerabilities
http://www.securityfocus.com/bid/50395

Oracle Java SE and Java for Business CVE-2010-3573 Same Origin Bypass Vulnerability
http://www.securityfocus.com/bid/44028

Oracle Java SE and Java for Business CVE-2010-3571 ICC Profile Vulnerability
http://www.securityfocus.com/bid/43965

Oracle Java SE and Java for Business CVE-2010-3572 Remote Sound Vulnerability
http://www.securityfocus.com/bid/44030

Oracle Java SE and Java for Business CVE-2010-3570 Remote Deployment Toolkit Vulnerability
http://www.securityfocus.com/bid/44020

Oracle Java SE and Java for Business 'defaultReadObject' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44016

Oracle Java SE and Java for Business CVE-2010-3568 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/44012

Oracle Java SE and Java for Business CVE-2010-3565 JPEGImageWriter.writeImage Vulnerability
http://www.securityfocus.com/bid/43985

Oracle Java SE and Java for Business CVE-2010-3567 Remote 2D Vulnerability
http://www.securityfocus.com/bid/43992

Oracle Java SE and Java for Business CVE-2010-3566 ICC Profile Vulnerability
http://www.securityfocus.com/bid/43988

Oracle Java SE and Java for Business CVE-2010-3562 Remote 2D Vulnerability
http://www.securityfocus.com/bid/43979

Oracle Java SE and Java for Business CVE-2010-3563 BasicServiceImpl Vulnerability
http://www.securityfocus.com/bid/43999

Oracle Java SE and Java for Business CVE-2010-3561 Remote CORBA Vulnerability
http://www.securityfocus.com/bid/44013

Oracle Java SE and Java for Business CVE-2010-3560 Remote Networking Vulnerability
http://www.securityfocus.com/bid/44024

Oracle Java SE and Java for Business CVE-2010-3559 HeadspaceSoundbank.nGetName Vulnerability
http://www.securityfocus.com/bid/44026

Oracle Java SE and Java for Business CVE-2010-3557 Remote Swing Vulnerability
http://www.securityfocus.com/bid/44014

Oracle Java SE and Java for Business CVE-2010-3558 Remote Java Web Start Vulnerability
http://www.securityfocus.com/bid/44021

Oracle Java SE and Java for Business CVE-2010-3556 Remote 2D Vulnerability
http://www.securityfocus.com/bid/43971

Oracle Java SE and Java for Business CVE-2010-3554 Remote CORBA Vulnerability
http://www.securityfocus.com/bid/43994

Oracle Java SE and Java for Business CVE-2010-3555 Remote ActiveX Plug-in Vulnerability
http://www.securityfocus.com/bid/44038

Oracle Java SE and Java for Business CVE-2010-3553 Remote Swing Vulnerability
http://www.securityfocus.com/bid/44035

Oracle Java SE and Java for Business CVE-2010-3552 Remote New Java Plug-in Vulnerability
http://www.securityfocus.com/bid/44023

Oracle Java SE and Java for Business CVE-2010-3551 Remote Networking Vulnerability
http://www.securityfocus.com/bid/44009

Oracle Java SE and Java for Business CVE-2010-3549 HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/44027

Oracle Java SE and Java for Business CVE-2010-3550 Remote Java Web Start Vulnerability
http://www.securityfocus.com/bid/44040

Cisco IOS 'ethernet-lldp' Component Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50377

MIT Kerberos GSS-API Checksum NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/40235

Oracle Java SE and Java for Business CVE-2010-3548 Remote JNDI Vulnerability
http://www.securityfocus.com/bid/44017

Oracle Java SE and Java for Business CVE-2010-4472 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46404

Oracle Java SE and Java for Business CVE-2010-4470 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46387

Oracle Java SE and Java for Business CVE-2010-4471 Remote Security Vulnerability
http://www.securityfocus.com/bid/46399

Oracle Java SE and Java for Business CVE-2010-4474 Remote Java DB Vulnerability
http://www.securityfocus.com/bid/46407

Oracle Java SE and Java for Business CVE-2010-4467 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46395

Oracle Java SE and Java for Business CVE-2010-4422 Remote Vulnerability
http://www.securityfocus.com/bid/46402

Oracle Java 'Applet2ClassLoader' Class Unsigned Applet Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46388

Oracle Java SE and Java for Business Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46386

Oracle Java SE and Java for Business CVE-2010-4451 Vulnerability
http://www.securityfocus.com/bid/46405

Oracle Java Floating-Point Value Denial of Service Vulnerability
http://www.securityfocus.com/bid/46091

Oracle Java SE and Java for Business CVE-2010-4473 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46403

Oracle Java SE and Java for Business CVE-2010-4475 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46410

Oracle Java SE and Java for Business CVE-2010-4468 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46393

Cisco IOS dot1x Port Handling Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/50375

Oracle Java SE and Java for Business CVE-2010-4450 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46397

Oracle Java SE and Java for Business Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46394

Oracle Java Applet Clipboard Injection Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46406

Oracle Java SE and Java for Business CVE-2010-4448 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46398

Oracle Java SE and Java for Business CVE-2010-4447 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46409

Linux Kernel 'CIFSFindNext()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/49295

Linux Kernel EFI Partition Denial of Service Vulnerability
http://www.securityfocus.com/bid/47343

Linux Kernel CIFS Mount Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/49626

Linux Kernel Auerswald USB Device Driver Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48687

Oracle Java SE and Java for Business CVE-2011-0815 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48143

Oracle Java SE and Java for Business ICC Profile Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/48137

Oracle Java SE and Java for Business CVE-2011-0865 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48147

Oracle Java SE and Java for Business CVE-2011-0873 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48148

Oracle Java SE and Java for Business CVE-2011-0867 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/48144

Oracle Java SE and Java for Business CVE-2011-0814 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48145

Linux Kernel EFI Partition Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47796

X.Org X11 File Read Permission Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50196

ISC BIND 9 Unspecified Packet Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/48566

Multiple Browser Wild Card Certificate Spoofing Vulnerability
http://www.securityfocus.com/bid/42817

libuser 'luseradd' Default Password Security Bypass Vulnerability
http://www.securityfocus.com/bid/45791

SBLIM-SFCB Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/40475

OpenSSL Ciphersuite Downgrade Security Weakness
http://www.securityfocus.com/bid/45164

OpenSSL Ciphersuite Modification Allows Disabled Cipher Security Bypass Vulnerability
http://www.securityfocus.com/bid/45254

Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36377

Plici Search 'p48-search.html' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50428

SjXjV 'post.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/50426

D-Link DIR-300 Unspecified Remote Code Execution and Remote File Disclosure Vulnerabilities
http://www.securityfocus.com/bid/50424

simpleSAMLphp Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/50423

Joomla! Techfolio Component 'catid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/50422

Opera Web Browser Escape Sequence Stack Buffer Overflow Denial of Service Vulnerability
http://www.securityfocus.com/bid/50421

eFront 'professor.php' Script Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/50419

Empathy 'nickname' Field 'me-type' Event Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50418

Linux Kernel Network Bridge NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/50417

Tor Directory Remote Information Disclosure Vulnerability Bridge Enumeration Weaknesses
http://www.securityfocus.com/bid/50414

FFFTP Insecure Excutable File Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/50412

Touhou Hisouten Unspecified Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50411

IBM Lotus Sametime Configuration Servlet Authentication Security Bypass Vulnerability
http://www.securityfocus.com/bid/50410

bzexe '/tmp/$prog' Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/50409

Serendipity Karma Plugin Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50408

BackupPC 'index.cgi' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50406

D-Link Multiple Products Unspecified Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50405

Friday, October 28, 2011

28th, Friday, Taian


Notice of release of Trend Micro Mobile Security 7.0 Critical Patch
http://www.trendmicro.co.jp/support/news.asp?id=1672

VMSA-2011-0013: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
http://www.vmware.com/security/advisories/VMSA-2011-0013.html

UPDATE: HS11-019: DoS Vulnerability in Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-019/index.html

UPDATE: HS11-019: DoS vulnerability via the Range header in Hitachi Web Server
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-019/index.html

Press release
Security alert on a security weakness (vulnerability) in multiple D-Link products
http://www.ipa.go.jp/about/press/20111028.html

JVNVU#402731 SQL injection vulnerability in Enspire eClient
http://jvn.jp/cert/JVNVU402731/index.html

JVN#50227837 Denial-of-service (DoS) vulnerability in Touhou Hisouten
http://jvn.jp/jp/JVN50227837/index.html

JVN#72640744 Buffer overflow vulnerability in multiple D-Link products
http://jvn.jp/jp/JVN72640744/index.html

JVN#62336482 Vulnerability in FFFTP related to loading executable files
http://jvn.jp/jp/JVN62336482/index.html

JVNDB-2011-000089 Denial-of-service (DoS) vulnerability in Touhou Hisouten
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000089.html

JVNDB-2011-000092 Buffer overflow vulnerability in multiple D-Link products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000092.html

JVNDB-2011-000091 Vulnerability in FFFTP related to loading executable files
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000091.html

JVNDB-2011-002597 Arbitrary command execution vulnerability in the Home Page component of Cisco CiscoWorks Common Services
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002597.html

JVNDB-2011-002596 Arbitrary code execution vulnerability in Cisco Show and Share
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002596.html

JVNDB-2011-002595 Vulnerability in Cisco Show and Share allowing access to multiple administrative pages
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002595.html

JVNDB-2011-002594 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002594.html

JVNDB-2011-002593 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002593.html

JVNDB-2011-002592 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002592.html

JVNDB-2011-002591 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002591.html

JVNDB-2011-002590 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002590.html

JVNDB-2011-002589 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002589.html

JVNDB-2011-002588 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002588.html

JVNDB-2011-002587 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002587.html

JVNDB-2011-002586 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002586.html

JVNDB-2011-002585 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002585.html

JVNDB-2011-002584 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002584.html

JVNDB-2011-002583 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002583.html

JVNDB-2011-002582 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002582.html

JVNDB-2011-002581 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002581.html

JVNDB-2011-002580 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002580.html

JVNDB-2011-002579 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002579.html

JVNDB-2011-002578 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002578.html

JVNDB-2011-002577 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002577.html

JVNDB-2011-002576 Vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE running on Windows
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002576.html

Critical Control 19: Data Recovery Capability
http://isc.sans.edu/diary.html?storyid=11905

Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/36377





+ HPSBUX02719 SSRT100658 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03070783%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
Affected product: HP-UX B.11.11/11.23

UPDATE: HPSBUX02715 SSRT100623 rev.2 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03057703%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

Updated the GR4000/GS4000/GS3000 manual errata (for Ver.10-10-/K) in the "Manuals" section.
http://www.hitachi.co.jp/Prod/comp/network/manual/manualtop.html

Webroot exhibits new versions of its security software and more at a trade show
http://itpro.nikkeibp.co.jp/article/NEWS/20111027/371598/?ST=security

Symantec announces a service that identifies botnets inside a company's network in about two weeks
http://itpro.nikkeibp.co.jp/article/NEWS/20111027/371549/?ST=security

JVNDB-2011-002575 Buffer overflow vulnerability in FreeBSD's "linux emulation" support
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002575.html

JVNDB-2011-002574 Vulnerability in db2rspgn in FreeBSD in IBM DB2 Express Edition that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002574.html

JVNDB-2011-002573 File overwrite vulnerability in the runtime linker of QNX Neutrino RTOS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002573.html

JVNDB-2011-002572 Vulnerability in Oracle Solaris related to Remote Quota Server processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002572.html

JVNDB-2011-002571 Vulnerability in Oracle OpenSSO related to authentication processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002571.html

JVNDB-2011-002570 Vulnerability in the Oracle Communications Unified component of Oracle Sun Products Suite
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002570.html

JVNDB-2011-002569 Vulnerability in Oracle OpenSSO related to authentication processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002569.html

JVNDB-2011-002568 Vulnerability in the Oracle Communications Unified component of Oracle Sun Products Suite
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002568.html

JVNDB-2011-002567 Vulnerability in the Oracle Waveset component of Oracle Sun Products Suite
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002567.html

JVNDB-2011-002566 Vulnerability in Oracle Solaris 11 Express related to iSCSI DataMover processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002566.html

JVNDB-2011-002565 Vulnerability in Oracle Solaris related to Kernel/Performance Counter BackEnd Module processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002565.html

JVNDB-2011-002564 Vulnerability in Oracle Solaris related to Process File System (procfs) processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002564.html

JVNDB-2011-002563 Vulnerability in Oracle Solaris related to LDAP library processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002563.html

JVNDB-2011-002562 Vulnerability in Oracle Solaris related to ZFS processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002562.html

Critical Control 18: Incident Response Capabilities
http://isc.sans.edu/diary.html?storyid=11899

Software Update Potpourri
http://isc.sans.edu/diary.html?storyid=11902

Trend Micro InterScan Web Security Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1026252

Apple QuickTime Multiple Flaws Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026251

HP-UX Containers Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1026250

VU#402731: Enspire eClient SQL injection allows authentication bypass
http://www.kb.cert.org/vuls/id/402731

SUSE update for puppet
http://secunia.com/advisories/46628/

Debian update for torque
http://secunia.com/advisories/46577/

HP-UX Containers Unspecified Privilege Escalation Vulnerability
http://secunia.com/advisories/46617/

Red Hat update for openssl
http://secunia.com/advisories/46629/

Gentoo update for squid
http://secunia.com/advisories/46604/

Gentoo update for pure-ftpd
http://secunia.com/advisories/46603/

Apple QuickTime Multiple Vulnerabilities
http://secunia.com/advisories/46618/

HP Network Node Manager i JMX Console Security Bypass Security Issue
http://secunia.com/advisories/46627/

Libxml2 Two XSLT Double Free Vulnerabilities
http://secunia.com/advisories/46632/

SPIP Unspecified SQL Injection Vulnerability
http://secunia.com/advisories/46622/

Winamp Multiple Vulnerabilities
http://secunia.com/advisories/45279/

Cisco Multiple Products Directory Traversal Vulnerability
http://secunia.com/advisories/46600/

Trend Micro InterScan Web Security Suite "patchCmd" Privilege Escalation Vulnerability
http://secunia.com/advisories/46610/

Cisco WebEx Player WRF File Processing Vulnerabilities
http://secunia.com/advisories/46607/

Oracle Solaris Vino Framebuffer Update Handling Denial of Service Vulnerability
http://secunia.com/advisories/46619/

Joomla! YJ Contact Us Component "view" Local File Inclusion Vulnerability
http://secunia.com/advisories/46588/

Fedora update for radvd
http://secunia.com/advisories/46626/

Online Subtitles Workshop "comment" Script Insertion Vulnerability
http://secunia.com/advisories/46616/

Drupal Organic groups Module Security Bypass Vulnerability
http://secunia.com/advisories/46623/

Cisco Video Surveillance IP Cameras RTSP TCP Packets Processing Denial of Service
http://secunia.com/advisories/46612/

Cisco Video Surveillance IP Cameras RTSP TCP Packets Processing Denial of Service
http://secunia.com/advisories/46611/

OpenLDAP "UTF8StringNormalize()" Off-by-One Denial of Service Vulnerability
http://secunia.com/advisories/46599/

Cisco Security Agent Outside In Technology File Processing Vulnerabilities
http://secunia.com/advisories/46631/

Novell iPrint Client "GetDriverSettings()" Buffer Overflow Vulnerability
http://secunia.com/advisories/46606/

Winamp Data Processing Multiple Heap and Integer Overflow Vulnerabilities
http://www.vupen.com/english/ADV-2011-2238.php

HP-UX Containers Local Unauthorized Access and Privilege Escalation
http://www.vupen.com/english/ADV-2011-2237.php

Oracle Sun Solaris Vino GNOME Desktop Sharing Server Denial of Service
http://www.vupen.com/english/ADV-2011-2236.php

OpenLDAP "UTF8StringNormalize()" Remote Off-by-one Buffer Overflow
http://www.vupen.com/english/ADV-2011-2235.php

Cisco WebEx Player WRF and ATAS32 Buffer Overflow Vulnerabilities
http://www.vupen.com/english/ADV-2011-2234.php

Cisco Security Agent Outside-In Remote Code Execution Vulnerabilities
http://www.vupen.com/english/ADV-2011-2233.php

Cisco Video Surveillance IP Cameras Denial of Service Vulnerability
http://www.vupen.com/english/ADV-2011-2232.php

Cisco Unified Contact Center Express Directory Traversal Vulnerability
http://www.vupen.com/english/ADV-2011-2231.php

Organic Groups for Drupal Access Bypass Remote Unauthorized Access
http://www.vupen.com/english/ADV-2011-2230.php

Apple QuickTime Multiple Code Execution and Information Disclosure
http://www.vupen.com/english/ADV-2011-2229.php

Apple QuickTime Prior To 7.7.1 Pict File Handling Integer Overflow Vulnerability
http://www.securityfocus.com/bid/50399

RETIRED: Apple QuickTime Prior To 7.7.1 Multiple Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/50388

Apple Mac OS X FLIC Files CVE-2011-3223 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50101

Apple QuickTime CVE-2011-3221 Movie File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50131

Apple QuickTime Prior To 7.7.1 TKHD Atoms Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50403

phpScheduleIt 'reserve.php' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/31520

Apple Mac OS X FlashPix Files CVE-2011-3222 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50100

Apple Mac OS X QuickTime Player CVE-2011-3228 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/50127

Apple Mac OS X QuickTime 'Save for Web' Feature HTML Injection Vulnerability
http://www.securityfocus.com/bid/50122

Apple Mac OS X CoreMedia H.264 Encoded Movie Files Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50068

Apple QuickTime CVE-2011-3220 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50130

X.Org X11 File Read Permission Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50196

X.Org X11 Local Privilege Escalation Vulnerability and Memory Leak Vulnerability
http://www.securityfocus.com/bid/50002

OpenSSL Internal Certificate Verification Routine Security Bypass Vulnerability
http://www.securityfocus.com/bid/49469

Linux Kernel GHASH Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50366

torque 'job name' Argument Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48374

Vino Framebuffer Request Processing Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/47681

Mozilla Firefox RegExp Remote Integer Underflow Vulnerability
http://www.securityfocus.com/bid/49809

libxml2 'XPATH' Expressions Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45617

Apple QuickTime Prior To 7.7.1 'Flic' Movie File Handling Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50404

RoundCube Webmail Denial of Service Vulnerability
http://www.securityfocus.com/bid/50402

Apple QuickTime Prior To 7.7.1 Movie File Handling Integer Overflow Vulnerability
http://www.securityfocus.com/bid/50401

Apple QuickTime Prior To 7.7.1 Movie File Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50400

Enspire eClient Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/50398

HP-UX Containers Unspecified Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50396

radvd Multiple Local and Remote Vulnerabilities
http://www.securityfocus.com/bid/50395

Toshiba e-Studio Devices Password Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50392

eFront 3.6.10 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/50391

SPIP Versions Prior to 1.9.2k Unspecified SQL Injection Vulnerability
http://www.securityfocus.com/bid/50390

WordPress WPtouch Plugin 'ajax.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/50389

Thursday, October 27, 2011

QuickTime 7.7.1 security update


About the security content of QuickTime 7.7.1
http://support.apple.com/kb/HT5016

Translation of the QuickTime 7.7.1 security update at the URL above

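1) QuickTime
 A buffer overflow occurs when QuickTime handles H.264 encoded movie files, which can cause the application to terminate unexpectedly or allow arbitrary code execution. (CVE-2011-3219)

2) QuickTime
 QuickTime accesses uninitialized memory when handling URL data handlers in movie files, which can allow the contents of memory to be disclosed. (CVE-2011-3220)

3) QuickTime
 An implementation flaw exists in QuickTime's handling of the atom hierarchy in movie files, which can cause the application to terminate unexpectedly or allow arbitrary code execution. (CVE-2011-3221)

4) QuickTime
 A cross-site scripting flaw exists in "Save for Web" in QuickTime Player, which can allow script to be injected from the local domain. (CVE-2011-3218)

5) QuickTime
 A buffer overflow occurs when QuickTime handles FlashPix files, which can cause the application to terminate unexpectedly or allow arbitrary code execution. (CVE-2011-3222)

6) QuickTime
 A buffer overflow occurs when QuickTime handles FLIC files, which can cause the application to terminate unexpectedly or allow arbitrary code execution. (CVE-2011-3223)

7) QuickTime
 Multiple memory corruption issues occur when QuickTime handles movie files, which can cause the application to terminate unexpectedly or allow arbitrary code execution. (CVE-2011-3228)

8) QuickTime
 An integer overflow occurs in the handling of PICT files, which can cause the application to terminate unexpectedly or allow arbitrary code execution. (CVE-2011-3247)

9) QuickTime
 A signature issue exists in the handling of font tables embedded in QuickTime movie files, which can cause the application to terminate unexpectedly or allow arbitrary code execution. (CVE-2011-3248)

10) QuickTime
 A buffer overflow occurs in the handling of FLC encoded movie files, which can cause the application to terminate unexpectedly or allow arbitrary code execution. (CVE-2011-3249)

11) QuickTime
 An integer overflow occurs in the handling of JPEG2000 encoded movie files, which can cause the application to terminate unexpectedly or allow arbitrary code execution. (CVE-2011-3250)

12) QuickTime
 A memory corruption issue occurs in the handling of TKHD atoms in QuickTime movie files, which can cause the application to terminate unexpectedly or allow arbitrary code execution. (CVE-2011-3251)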


Thursday the 27th, Butsumetsu


Potential buffer overflow vulnerability in the Ichitaro file viewer in Lotus Notes
http://www-06.ibm.com/ibm/jp/security/info/lotus/si20111025a.html

JVNVU#784211 Update for multiple vulnerabilities in Apple Quicktime
http://jvn.jp/cert/JVNVU784211/index.html

JVNDB-2011-002561 Vulnerability in the Oracle Agile Product Supplier Collaboration for Process component of Oracle Supply Chain Products Suite
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002561.html

JVNDB-2011-002560 Vulnerability in the Health Sciences - Oracle Thesaurus Management System component of Oracle Industry Applications
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002560.html

JVNDB-2011-002559 Vulnerability in Health Sciences - Oracle Clinical, Remote Data Capture of Oracle Industry Applications
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002559.html

JVNDB-2011-002558 Vulnerability in the Sun Ray component of Oracle Virtualization
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002558.html

JVNDB-2011-002557 Vulnerability in Oracle Linux related to Oracle Validated processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002557.html

JVNDB-2011-002556 Vulnerability in multiple Oracle Sun products related to Integrated Lights Out Manager CLI processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002556.html

JVNDB-2011-002555 Vulnerability in Oracle PeopleSoft Enterprise HRMS related to JPM processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002555.html

JVNDB-2011-002554 Vulnerability in Oracle PeopleSoft Enterprise HRMS related to Talent Acquisition Manager processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002554.html

JVNDB-2011-002553 Vulnerability in Oracle PeopleSoft Enterprise HRMS related to Candidate Gateway processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002553.html

JVNDB-2011-002552 Vulnerability in Oracle PeopleSoft Enterprise PeopleTools related to security processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002529.html

JVNDB-2011-002551 Vulnerability in Oracle PeopleSoft Enterprise PeopleTools related to Personalization processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002551.html

JVNDB-2011-002550 Vulnerability in Oracle PeopleSoft Enterprise HRMS related to eDevelopment processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002550.html

JVNDB-2011-002549 Vulnerability in Oracle PeopleSoft Enterprise HRMS related to eProfile processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025549.html

JVNDB-2011-002548 Vulnerability in the Siebel Core - UIF Server component of Oracle Siebel CRM
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025548.html

JVNDB-2011-002547 Vulnerability in the Siebel Core - UIF Client component of Oracle Siebel CRM
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025547.html

JVNDB-2011-002546 Vulnerability in the Siebel Apps - Marketing component of Oracle Siebel CRM
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025546.html

JVNDB-2011-002545 Vulnerability in Oracle Solaris related to Zone processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025545.html

JVNDB-2011-002544 Vulnerability in Oracle Solaris related to Kernel/Filesystem processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025544.html

JVNDB-2011-002543 Vulnerability in Oracle Solaris related to DTrace Software Library processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025543.html

JVNDB-2011-002542 Vulnerability in Oracle Solaris related to Network Status Monitor processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025542.html

JVNDB-2011-002541 Vulnerability in Oracle Solaris related to ZFS processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025541.html

JVNDB-2011-002540 Vulnerability in Oracle Solaris related to ZFS processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025540.html

JVNDB-2011-002539 Vulnerability in Oracle Solaris related to libnsl processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025539.html

JVNDB-2011-002538 Vulnerability in Oracle Solaris related to xscreensaver processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025538.html

JVNDB-2011-002537 Vulnerability in Oracle Solaris related to ZFS processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025537.html

JVNDB-2011-002536 Vulnerability in multiple products of Oracle Sun Products Suite related to Web Container processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025536.html

JVNDB-2011-002535 Vulnerability in the Application Express component of Oracle Database Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025535.html

JVNDB-2011-002534 Vulnerability in the Core RDBMS component of Oracle Database Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025534.html

JVNDB-2011-002533 Vulnerability in the Database Vault component of Oracle Database Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025533.html

JVNDB-2011-002532 Vulnerability in the Database Vault component of Oracle Database Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025532.html

JVNDB-2011-002531 Vulnerability in the Oracle Text component of Oracle Database Server
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025531.html

JVNDB-2011-002530 Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025530.html

JVNDB-2011-002529 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025529.html

JVNDB-2011-002528 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025528.html

JVNDB-2011-002527 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025527.html

JVNDB-2011-002526 Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025526.html

JVNDB-2011-002525 Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025525.html

JVNDB-2011-002524 Vulnerability in the Oracle Web Services Manager component of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025524.html

JVNDB-2011-002523 Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025523.html

JVNDB-2011-002522 Vulnerability in Oracle WebLogic Server related to Web Services processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025522.html

JVNDB-2011-002521 Vulnerability in Oracle WebLogic Server related to JMS processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025521.html

JVNDB-2011-002520 Vulnerability in Oracle WebLogic Server related to WLS Security processing
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025520.html

JVNDB-2011-002519 Vulnerability in the Oracle Containers for J2EE component of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025519.html

JVNDB-2011-002518 Vulnerability in the Oracle WebLogic Portal component of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025158.html

JVNDB-2011-002517 Vulnerability in the Oracle Web Services Manager component of Oracle Fusion Middleware
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-0025157.html

Critical Control 17: Penetration Tests and Red Team Exercises
http://isc.sans.edu/diary.html?storyid=11887

Mozilla Firefox RegExp Remote Integer Underflow Vulnerability
http://www.securityfocus.com/bid/49809

libxml2 'XPATH' Expressions Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45617





+- HPSBUX02715 SSRT100623 rev.1 - HP-UX Containers (SRP), Local Unauthorized Access and Increased Privileges
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03057703%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ GCC 4.6.2 released
http://gcc.gnu.org/gcc-4.6/

+ SA46591: Linux Kernel XFS "xfs_readlink()" Buffer Overflow Vulnerability
http://secunia.com/advisories/46591/
http://www.securityfocus.com/bid/50370

+ SA46584: Linux Kernel ghash NULL Pointer Dereference Vulnerability
http://secunia.com/advisories/46584/
http://www.securityfocus.com/bid/50366

+ OpenLDAP 'UTF8StringNormalize()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50384

++ Cisco IOS Fingerprinting ICMPv6 Echo Request Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50379

++ Cisco IOS 'ethernet-lldp' Component Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50377

++ Cisco IOS dot1x Port Handling Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/50375

- HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03057508%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

- Multiple Denial of Service vulnerabilities in Vino GNOME desktop sharing server
http://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_vulnerabilities

[ANNOUNCE] Apache Archiva 1.4-M1 Released!
http://archiva.apache.org/docs/1.4-M1/release-notes.html

[ANNOUNCE] Apache Derby 10.8.2.2 released
http://db.apache.org/derby/derby_downloads.html

RHSA-2011:1409 Moderate: openssl security update
http://rhn.redhat.com/errata/RHSA-2011-1409.html

About the security content of QuickTime 7.7.1
http://support.apple.com/kb/HT5016

Google Chrome 15.0.874.106 released
http://googlechromereleases.blogspot.com/2011/10/stable-channel-update_26.html

CESA-2011:1402 (freetype)
http://lwn.net/Alerts/464550/

HPSBUX02702 SSRT100606 rev.5 - HP-UX Apache Web Server, Remote Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c02997184%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

PHP 5.4 beta2 released
http://www.php.net/archive/2011.php#id-1

ZDI-11-302 : Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerabil
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00173.html

ZDI-11-301 : Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00172.html

ZDI-11-300 : Adobe Reader U3D PICT 10h Encoding Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00171.html

ZDI-11-299 : Adobe Reader PICT Parsing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00170.html

ZDI-11-298 : Adobe Reader U3D IFF RGBA Parsing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00169.html

ZDI-11-297 : Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00168.html

ZDI-11-296 : Adobe Reader BMP Image RLE Decoding Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00166.html

Cisco Security Advisory: Cisco Security Agent Remote Code Execution Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00167.html

Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00165.html

Cisco Security Advisory: Cisco Unified Contact Center Express Directory Traversal Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00164.html

Cisco Security Advisory: Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00163.html

Cisco Security Advisory: Cisco Unified Communications Manager Directory Traversal Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00162.html

[security bulletin] HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-U
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00161.html

Path disclosure in SPIP
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00160.html

[ GLSA 201110-23 ] Apache mod_authnz_external: SQL injection
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00159.html

New technique targeting Android: app turns into a virus when updated
F-Secure reports; additional permissions at install time
http://itpro.nikkeibp.co.jp/article/NEWS/20111027/371504/?ST=security

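House of Representatives Secretariat holds first meeting on the virus infection issue: "Became aware of the possibility of a cyberattack through news reports"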
http://itpro.nikkeibp.co.jp/article/NEWS/20111027/371481/?ST=security

Cisco Video Surveillance IP Cameras RTSP Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1026248

Cisco WebEx Player Buffer Overflows Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026244

Cisco Unified Communications Manager Directory Traversal Flaw Lets Remote Users Obtain Files
http://www.securitytracker.com/id/1026243

Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026242

WordPress BackWPUp Remote Code Execution Vulnerability
http://www.securiteam.com/securitynews/6U03G1P2UA.html

Linux Kernel XFS "xfs_readlink()" Buffer Overflow Vulnerability
http://secunia.com/advisories/46591/

WordPress NextGEN Gallery Plugin Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/46602/

phpMyFAQ Code Injection Vulnerability
http://secunia.com/advisories/46582/

Ubuntu update for linux-ti-omap4
http://secunia.com/advisories/46571/

Ubuntu update for linux
http://secunia.com/advisories/46585/

Ubuntu update for linux-mvl-dove
http://secunia.com/advisories/46587/

Ubuntu update for linux-ec2
http://secunia.com/advisories/46589/

Ubuntu update for linux
http://secunia.com/advisories/46590/

Ubuntu update for linux-lts-backport-maverick
http://secunia.com/advisories/46595/

Ubuntu update for linux-fsl-imx51
http://secunia.com/advisories/46598/

Ubuntu update for nova
http://secunia.com/advisories/46597/

Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/46594/

OpenStack Compute (Nova) "EC2_SECRET_KEY" Credentials Disclosure Weakness
http://secunia.com/advisories/46576/

SUSE update for hplip
http://secunia.com/advisories/46593/

Linux Kernel ghash NULL Pointer Dereference Vulnerability
http://secunia.com/advisories/46584/

Ubuntu update for kde4libs
http://secunia.com/advisories/46592/

Gentoo update for mod_authnz_external
http://secunia.com/advisories/46581/

IBM WebSphere ILOG Rule Team Server Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/46574/

HP Network Node Manager i (NNMi) Remote Information Disclosure
http://www.vupen.com/english/ADV-2011-2228.php

IBM WebSphere ILOG Rule Team Server Cross Site Scripting Vulnerability
http://www.vupen.com/english/ADV-2011-2227.php

phpMyFAQ ImageManager Library Remote PHP Code Injection Vulnerability
http://www.vupen.com/english/ADV-2011-2226.php

Google Chrome Multiple Memory Corruption and Information Disclosure
http://www.vupen.com/english/ADV-2011-2225.php

Novell iPrint Client for Windows Activex Remote Code Execution Vulnerability
http://www.vupen.com/english/ADV-2011-2224.php

Novell ZENworks 7 Handheld Management Directory Traversal Vulnerability
http://www.vupen.com/english/ADV-2011-2223.php

Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49279

libxml2 'XPATH' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44779

libxml2 Invalid XPath Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/48056

Google Chrome Prior to 14.0.835.163 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49658

GNU libc glob(3) 'pattern' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/47671

Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability
http://www.securityfocus.com/bid/46767

Squid 'DNS' Reply Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/42645

Squid Web Proxy Cache HTCP Request Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38212

Squid Web Proxy Cache Authentication Header Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36091

Squid Proxy String Processing NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/42982

Squid Header-Only Packets Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37522

Squid Proxy Gopher Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49356

Squid Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/35812

Cisco WebEx WRF and ATAS32 File Format Multiple Remote Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/50373

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2011-3000 HTTP Response Splitting Vulnerability
http://www.securityfocus.com/bid/49849

Mozilla Firefox CVE-2011-2995 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/49810

Mozilla Firefox/Thunderbird/SeaMonkey Enter Key Dialog Bypass Weakness
http://www.securityfocus.com/bid/49811

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2011-2999 Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/49848

Adobe Acrobat and Reader CVE-2011-2441 Multiple Remote Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/49581

Novell iPrint Client 'nipplib.dll' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50367

X.Org X11 Local Privilege Escalation Vulnerability and Memory Leak Vulnerability
http://www.securityfocus.com/bid/50002

Oracle Java SE CVE-2011-3545 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50220

Oracle Java SE CVE-2011-3521 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50215

Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50218

Adobe Acrobat and Reader CVE-2011-2436 Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49578

Apple iTunes CoreAudio (CVE-2011-3252) Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50065

Apple Mac OS X CoreMedia H.264 Encoded Movie Files Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50068

OpenSSL Internal Certificate Verification Routine Security Bypass Vulnerability
http://www.securityfocus.com/bid/49469

Red Hat Linux Kernel CVE-2011-3347 VLAN Packets Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50312

Red Hat Linux Kernel Ethernet Bridge Interface Denial of Service Vulnerability
http://www.securityfocus.com/bid/50313

Linux Kernel TCP Sequence Number Generation Security Weakness
http://www.securityfocus.com/bid/49289

Linux Kernel Generic Receive Offload (GRO) CVE-2011-2723 Denial of Service Vulnerability
http://www.securityfocus.com/bid/48929

Adobe Acrobat and Reader CVE-2011-2433 Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49576

Adobe Acrobat and Reader CVE-2011-2435 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49575

Adobe Acrobat and Reader U3D Tiff Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49572

Adobe Acrobat and Reader CVE-2011-2434 Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49577

Adobe Acrobat and Reader CVE-2011-2438 Multiple Remote Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/49580

Adobe Acrobat and Reader CVE-2011-2437 Remote Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49579

Oracle Outside In Technology Microsoft CAB File Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47437

Oracle Outside In Technology Lotus 123 File Parsing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47435

Retired: Microsoft Outlook Web Access Session Replay Security Bypass Vulnerability
http://www.securityfocus.com/bid/50361

IBM WebSphere ILOG Rule Team Server 'project' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50056

FreeType Font Document Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/50155

KDE KSSL Common Name SSL Certificate Spoofing Vulnerability
http://www.securityfocus.com/bid/49925

Cyrus IMAP Server 'split_wildmats()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49534

phpMyFAQ 'ajax_create_folder.php' Code Injection Vulnerability
http://www.securityfocus.com/bid/50385

OpenLDAP 'UTF8StringNormalize()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50384

NextGEN Gallery for WordPress Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/50383

Online Subtitles Workshop 'video_comments.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/50382

XAMPP Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50381

Trendmicro IWSS 3.1 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50380

Cisco IOS Fingerprinting ICMPv6 Echo Request Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50379

Cisco Adaptive Security Appliances (ASA) 5500 'platform-sw' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50378

Cisco IOS 'ethernet-lldp' Component Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50377

Cisco CiscoWorks Common Services Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50376

Cisco IOS dot1x Port Handling Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/50375

PrestaShop Presta2PhpList Module 'list' SQL Injection Vulnerability
http://www.securityfocus.com/bid/50374

Multiple Cisco Products (CVE-2011-3315) Directory Traversal Vulnerability
http://www.securityfocus.com/bid/50372

Cisco Video Surveillance 2421, 2500, and 2600 Series IP Cameras Denial of Service Vulnerability
http://www.securityfocus.com/bid/50371

Linux Kernel 'xfs_readlink()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50370

Novell ZENworks Handheld Management 'Common.dll' Directory Traversal Vulnerability
http://www.securityfocus.com/bid/50369

IBM WebSphere ILOG Rule Team Server Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50368

Linux Kernel GHASH Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50366

vtiger CRM 'index.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50364

Wednesday, October 26, 2011

Wednesday the 26th, Tomobiki


+ Linux kernel 3.0.8 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.8

+ Important: freetype security update
http://rhn.redhat.com/errata/RHSA-2011-1402.html

+ Sudo 1.7.8p1, 1.8.3p1 released
http://www.sudo.ws/sudo/stable.html#1.7.8p1
http://www.sudo.ws/sudo/stable.html#1.8.3p1

- Linux Kernel 'net/can/raw.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47835

- Linux Kernel 'bcm_release()' NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/47503

? Linux Kernel 'perf' Utility Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/49140

? Linux Kernel KSM Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/48101

Google Chrome 15.0.874.102 released
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html

Regarding the issue of being unable to log in to SafeSync mobile client version 1.3 (iOS/Android)
http://www.trendmicro.co.jp/support/news.asp?id=1671

zFtp Server <= 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00155.html

[ GLSA 201110-22 ] PostgreSQL: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00156.html

[SECURITY] [DSA 2328-1] freetype security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00154.html

[security bulletin] HPSBUX02700 SSRT100506 rev.2 - HP-UX running VEA, Remote Denial of Servi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00153.html

[ MDVSA-2011:161 ] postgresql
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00152.html

[ GLSA 201110-21 ] Asterisk: Multiple vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00151.html

[SECURITY] [DSA 2327-1] libfcgi-perl security-update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2011-10/msg00150.html

"DMs lead users to fake sites": beware of phishing that abuses Twitter
UK-based Sophos reports; the goal is to steal passwords
http://itpro.nikkeibp.co.jp/article/NEWS/20111026/371422/?ST=security

Terrace (テラス) launches audit-trail SaaS that records SSH remote operations as video
http://itpro.nikkeibp.co.jp/article/NEWS/20111025/371350/?ST=security

JVNDB-2011-002516 Vulnerability in Open Directory in Apple Mac OS X that allows password data to be viewed
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002516.html

JVNDB-2011-002515 Arbitrary code execution vulnerability in QuickTime in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002515.html

JVNDB-2011-002514 Arbitrary code execution vulnerability in libsecurity in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002514.html

JVNDB-2011-002513 Vulnerability in Open Directory in Apple Mac OS X that allows the password requirement to be bypassed
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002513.html

JVNDB-2011-002512 Vulnerability in the SMB File Server component in Apple Mac OS X that allows browsing restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002512.html

JVNDB-2011-002511 Arbitrary code execution vulnerability in the User Documentation component in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002511.html

JVNDB-2011-002510 Buffer overflow vulnerability in QuickTime in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002510.html

JVNDB-2011-002509 Buffer overflow vulnerability in QuickTime in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002509.html

JVNDB-2011-002508 Arbitrary code execution vulnerability in QuickTime in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002508.html

JVNDB-2011-002507 Vulnerability in QuickTime in Apple Mac OS X that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002507.html

JVNDB-2011-002506 Vulnerability in the CSRF protection mechanism in Django that allows unauthenticated forged requests to be triggered
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002506.html

JVNDB-2011-002505 Vulnerability in Django that allows cache poisoning attacks to be triggered
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002505.html

JVNDB-2011-002504 Vulnerability in the verify_exists functionality in the URLField implementation in Django that allows arbitrary GET requests to be triggered
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002504.html

JVNDB-2011-002503 Denial of service (resource consumption) vulnerability in the verify_exists functionality in the URLField implementation in Django
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002503.html

JVNDB-2011-002502 Vulnerability in django.contrib.sessions in Django that allows sessions to be modified
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002502.html

JVNDB-2011-002501 Cross-site scripting vulnerability in the administrative interface of Cisco TelePresence Video Communication Servers
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002501.html

JVNDB-2011-002500 Arbitrary code execution vulnerability in HP Data Protector
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002500.html

JVNDB-2011-002499 Arbitrary code execution vulnerability in HP Data Protector
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002499.html

JVNDB-2011-002498 Arbitrary code execution vulnerability in HP Data Protector
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002498.html

JVNDB-2011-002497 Arbitrary code execution vulnerability in HP Data Protector
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002497.html

JVNDB-2011-002496 Arbitrary code execution vulnerability in HP Data Protector
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002496.html

JVNDB-2011-002495 Arbitrary code execution vulnerability in HP Data Protector
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002495.html

JVNDB-2011-002494 Vulnerability in the debug logging feature of Application Firewall in Apple Mac OS X that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002494.html

JVNDB-2011-002493 Denial of service (DoS) vulnerability in the kernel in Apple iOS and Apple TV
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002493.html

JVNDB-2011-002492 Vulnerability in CFNetwork in Apple iOS and Mac OS X that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002492.html

JVNDB-2011-002491 Vulnerability in the Private Browsing feature of Apple Safari running on Mac OS X that allows users to be tracked
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002491.html

JVNDB-2011-002490 Arbitrary code execution vulnerability in the SSL implementation of Apple Safari running on Mac OS X
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002490.html

JVNDB-2011-002489 Arbitrary code execution vulnerability in Apple Safari running on Mac OS X
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002489.html

JVNDB-2011-002488 Directory traversal vulnerability in Apple Safari
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002488.html

JVNDB-2011-002487 Integer signedness error vulnerability in Apple Type Services (ATS) in Apple Mac OS X
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002487.html

JVNDB-2011-002486 Vulnerability in Open Directory in Apple Mac OS that allows password change restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002486.html

Critical Control 17: Penetration Tests and Red Team Exercises
http://isc.sans.edu/diary.html?storyid=11887

Recurring reporting made easy?
http://isc.sans.edu/diary.html?storyid=11884

VMware ESXi and ESX updates to third party libraries and ESX Service Console
http://securityreason.com/securityalert/8480

HP MFP Digital Sending Software Running on Window Local Information Disclosure
http://securityreason.com/securityalert/8479

astersik open source 1.8.7 Remote crash vulnerability
http://securityreason.com/securityalert/8478

OCS Inventory NG 2.0.1 Persistent XSS
http://securityreason.com/securityalert/8477

ibm db2 9.7 Exploiting the linker
http://securityreason.com/securityalert/8476

Linux Kernel ext4 Extent Splitting Bug in ext4_ext_convert_to_initialized() Lets Local Users Deny Service
http://www.securitytracker.com/id/1026240

Xen Buffer Overflow in SCSI Emulation Lets a Local Guest User Cause the Guest to Crash
http://www.securitytracker.com/id/1026238

Cisco Network Registrar Default Credentials Vulnerability
http://www.securiteam.com/securitynews/6L03H1F2UE.html

Cisco IOS XR Software IP Packet Vulnerability
http://www.securiteam.com/securitynews/6P03L1F2UU.html

Cisco Media Experience Engine 5600 Default Credentials Vulnerability
http://www.securiteam.com/securitynews/6N03J1F2UM.html

Cisco IOS XR Software SSHv1 Denial of Service Vulnerability
http://www.securiteam.com/securitynews/6K03G1F2UK.html

Cisco Unified IP Phones 7900 Series Multiple Vulnerabilities
http://www.securiteam.com/securitynews/6M03I1F2UW.html

Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability
http://www.securiteam.com/securitynews/6Q03M1F2UO.html

Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities
http://www.securiteam.com/securitynews/6O03K1F2UC.html

PrestaShop Presta2PhpList Module "list" SQL Injection Vulnerability
http://secunia.com/advisories/46531/

Red Hat update for freetype
http://secunia.com/advisories/46596/

McAfee Web Gateway Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/46570/

Gentoo update for postgresql
http://secunia.com/advisories/46568/

Alcatel-Lucent OmniTouch 8400 Instant Communication Suite Multiple Vulnerabilities
http://secunia.com/advisories/46562/

Alcatel-Lucent Business integrated Communication Solution Multiple Vulnerabilities
http://secunia.com/advisories/46565/

Ubuntu update for puppet
http://secunia.com/advisories/46578/

Zope Unspecified Vulnerability
http://secunia.com/advisories/46586/

Novell Netware HTTP Server ByteRange Filter Denial of Service Vulnerability
http://secunia.com/advisories/46572/

zFTPServer "CWD" Denial of Service Vulnerability
http://secunia.com/advisories/46559/

Puppet "certdnsnames" Puppet Master Impersonation Vulnerability
http://secunia.com/advisories/46550/

Wing FTP Server Unspecified Information Disclosure Vulnerability
http://secunia.com/advisories/46413/

Wing FTP Server Unspecified Information Disclosure Vulnerability
http://secunia.com/advisories/46558/

SUSE update for etherape
http://secunia.com/advisories/46567/

SUSE update for fail2ban
http://secunia.com/advisories/46555/

Alsbtain Bulletin "act" Local File Inclusion Vulnerability
http://secunia.com/advisories/46566/

Gentoo update for asterisk
http://secunia.com/advisories/46548/

Ubuntu update for pam
http://secunia.com/advisories/46580/

Debian update for libfcgi-perl
http://secunia.com/advisories/46579/

Debian update for pam
http://secunia.com/advisories/46549/

Debian update for freetype
http://secunia.com/advisories/46544/

SUSE update for cyrus-imapd
http://secunia.com/advisories/46347/

SUSE update for opera
http://secunia.com/advisories/46552/

PacketFence "p" and "destination_url" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/46553/

Red Hat update for xen
http://secunia.com/advisories/46554/

SUSE update for clamav
http://secunia.com/advisories/46563/

Novell NetWare Apache Requests Processing Remote Denial of Service
http://www.vupen.com/english/ADV-2011-2222.php

Zope Security Update Fixes Unspecified Remote Vulnerability
http://www.vupen.com/english/ADV-2011-2221.php

BlueZone Desktop Multiple Malformed files Local Denial of Service Vulnerabilities
http://www.exploit-db.com/exploits/18030

Cyrus IMAP Server 'split_wildmats()' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49534

FreeType Font Document Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/50155

Linux Kernel SSID Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48538

Linux Kernel 'net/can/raw.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47835

Apache 'mod_authnz_external' Module SQL Injection Vulnerability
http://www.securityfocus.com/bid/48653

Linux Kernel 'agp_allocate_memory/agp_create_user_memory' Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/47535

Linux Kernel 'next_pidmap()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47497

Linux Kernel 'bcm_release()' NULL Pointer Dereference Denial of Service Vulnerability
http://www.securityfocus.com/bid/47503

GNU libc glob(3) 'GLOB_LIMIT' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/43819

Linux Kernel I/O-Warrior USB Device Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46069

Linux Kernel 'fs/partitions/ldm.c' Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/46512

Linux Kernel 'agp_ioctl()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47534

Linux Kernel EFI Partition Denial of Service Vulnerability
http://www.securityfocus.com/bid/47343

Linux Kernel Unix Socket Backlog Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/46637

Linux Kernel Comedi Driver Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49411

Linux Kernel CIFS Mount Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/49626

Linux Kernel 'perf' Utility Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/49140

Linux Kernel 'taskstats' Access Restriction Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/50314

Linux Kernel 'fs/befs/linuxvfs.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/49256

Linux Kernel '/proc/PID/io' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49408

Linux kernel l2cap Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48472

Red Hat Linux Kernel VLAN Packets Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/48907

Linux Kernel 'inet_diag_bc_audit()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/48333

Linux Kernel OOPS 'qdisc_dev()' Dereference Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/48641

Linux Kernel eCryptfs Multiple Vulnerabilities
http://www.securityfocus.com/bid/49108

Linux Kernel IPv6 Fragment Identification Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/48802

Linux Kernel Generic Receive Offload (GRO) CVE-2011-2723 Denial of Service Vulnerability
http://www.securityfocus.com/bid/48929

Linux Kernel TCP Sequence Number Generation Security Weakness
http://www.securityfocus.com/bid/49289

Linux Kernel 'CIFSFindNext()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/49295

Linux Kernel KSM Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/48101

Linux Kernel EXT4 Extent Format File Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/48697

PostgreSQL Index Function Session State Modification Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/37333

Linux Kernel Validate 'map_count' Variable Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/46492

PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/37973

Linux Kernel 'inotify_init1()' Double Free Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47296

Linux Kernel 'oops' on Reset NULL Pointer Dereference Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/46793

Linux Kernel EFI Partition Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47796

Linux Kernel 'drivers/media/radio/si4713-i2c.c' Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48804

Linux Kernel 'mremap()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47321

Linux Kernel 'x25_parse_facilities()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/44642

Linux Kernel NFS File Locking Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/49141

Linux Kernel SCTP INIT/INIT-ACK Chunk Length Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/47308

Perl Safe Module 'reval()' and 'rdo()' CVE-2010-1447 Restriction-Bypass Vulnerabilities
http://www.securityfocus.com/bid/40305

PostgreSQL 'intarray' Module 'gettoken()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46084

PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/40215

PostgreSQL PL/Perl and PL/Tcl Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/43747

PostgreSQL 'RESET ALL' Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/40304

PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/36314

PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/34090

PostgreSQL JOIN Hashtable Size Integer Overflow Denial Of Service Vulnerability
http://www.securityfocus.com/bid/38619

PHP Versions Prior to 5.3.7 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49241

PostgreSQL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/37334

QEMU 'scsi_disk_emulate_command()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/49545

Linux Kernel Netfilter 'ipt_CLUSTERIP.c' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46921

Linux Kernel Acorn Econet Protocol Implementation Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47990

Red Hat Linux Kernel Ethernet Bridge Interface Denial of Service Vulnerability
http://www.securityfocus.com/bid/50313

Linux Kernel 'clock_gettime()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50311

Red Hat Linux Kernel CVE-2011-3347 VLAN Packets Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50312

Xen DMA Requests IOMMU Denial of Service Vulnerability
http://www.securityfocus.com/bid/49146

Linux Kernel Auerswald USB Device Driver Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48687

Python CGIHTTPServer Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/46541

Linux Kernel 'taskstats.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/48383

Pango HarfBuzz Engine Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49723

Linux Kernel CIFS Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/47381

Linux Kernel 'drivers/char/tpm/tpm.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/46866

Opera Web Browser Tree Traversing Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/50320

Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/49303

Perl Fast CGI Module CGI Variables Authentication Security Bypass Vulnerability
http://www.securityfocus.com/bid/49549

RETIRED: SAP Management Console OSExecute Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50348

phpLDAPadmin 'functions.php' Remote PHP Code Injection Vulnerability
http://www.securityfocus.com/bid/50331

Joomla YJ Contact us Component 'view' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/50362

Microsoft Outlook Web Access Session Replay Security Bypass Vulnerability
http://www.securityfocus.com/bid/50361

Google Chrome Prior to 15.0.874.102 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/50360

OpenStack Nova 'EC2_SECRET_KEY' Man In The Middle Security Bypass Vulnerability
http://www.securityfocus.com/bid/50359

Zope 2.12.20/2.13.6 and Prior Unspecified Security Vulnerability
http://www.securityfocus.com/bid/50357

Puppet 'certdnsnames' Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/50356

Wing FTP Server Versions Prior to 4.0.1 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50355

PacketFence Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50353

BlueZone Desktop File Processing Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/50352

BlueZone Desktop '.ztf' File Processing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50351

Alsbtain Bulletin Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/50350