Notice of release of Trend Micro Business Security 6.0 Service Pack 3 Critical Patch (build 4254)
http://www.trendmicro.co.jp/support/news.asp?id=1730
Announcement of the "CRYPTREC Symposium 2012"
http://www.ipa.go.jp/security/event/2012/crypt-sympo2012/index.html
JVNVU#763355 Wi-Fi credential disclosure vulnerability in HTC Android devices
http://jvn.jp/cert/JVNVU763355/index.html
JVN#33021167 Cross-site request forgery vulnerability in Pocket WiFi (GP02)
http://jvn.jp/jp/JVN33021167/index.html
Apple Mac OS X Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Information, and Conduct Cross-Site Scripting Attacks and Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1026627
HP Data Protector Media Operations Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026626
EMC Documentum Content Server Lets Local Administrative Users Gain Elevated Privileges
http://www.securitytracker.com/id/1026624
REMOTE: Webkit normalize bug for android 2.2 (CVE-2010-1759)
http://www.exploit-db.com/exploits/18446
WebKit 'Node.normalize' Method Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/40665
Wireshark Versions Prior to 1.4.5/1.2.16 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/47392
Subversion 'mod_dav_svn' Multiple Denial of Service and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/48091
PHP CVE-2011-2202 Security Bypass Vulnerability
http://www.securityfocus.com/bid/48259
cURL/libcURL GSS/Negotiate Feature Spoofing Security Vulnerability
http://www.securityfocus.com/bid/48434
libTIFF ThunderCode Decoder Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46951
PHP 'substr_replace()' Use After Free Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/46843
FreeType Font Document Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/50155
Apple iOS Libinfo Component CVE-2011-3441 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50641
RoundCube Webmail '_mbox' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/49229
Apple iOS and Mac OS X CFNetwork Cross Domain Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50115
SquirrelMail Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/42399
SquirrelMail Multiple HTML Injection, Cross Site Scripting, and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/48648
Apple Safari ImageIO TIFF Image Handling Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/48833
Apple Mac OS X ColorSync (CVE-2011-0200) Integer Overflow Vulnerability
http://www.securityfocus.com/bid/48416
SquirrelMail 'mail_fetch' Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/40291
Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/48456
Apple iTunes CoreAudio (CVE-2011-3252) Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50065
Mozilla Firefox and SeaMonkey 'Firefox Recovery Key.html' Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/51787
PHP 'crypt()' Function Security Bypass Vulnerability
http://www.securityfocus.com/bid/49376
Apple QuickTime Prior To 7.7.1 'Flic' Movie File Handling Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50404
Apple QuickTime Prior To 7.7.1 Movie File Handling Integer Overflow Vulnerability
http://www.securityfocus.com/bid/50401
PHP Prior to 5.3.7 Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/49249
Apple QuickTime Prior To 7.7.1 Movie File Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50400
Apple Mac OS X Keychain Certificate Settings Security Bypass Vulnerability
http://www.securityfocus.com/bid/49429
About the security content of OS X Lion v10.7.3 and Security Update 2012-001
http://support.apple.com/kb/HT5130
CentOS alert CESA-2012:0085 (thunderbird)
http://lwn.net/Alerts/478685/
CentOS alert CESA-2012:0080 (thunderbird)
http://lwn.net/Alerts/478687/
CentOS alert CESA-2012:0079 (firefox)
http://lwn.net/Alerts/478688/
CentOS alert CESA-2012:0084 (seamonkey)
http://lwn.net/Alerts/478691/
Firefox 10 is now available
http://mozilla.jp/firefox/10.0/releasenotes/
+- RHSA-2012:0084-1: Critical: seamonkey security update
http://rhn.redhat.com/errata/RHSA-2012-0084.html
Target: Red Hat 4 (seamonkey package)
Comment: The package in use is not affected.
+ RHSA-2012:0086-1: Moderate: openssl security update
http://rhn.redhat.com/errata/RHSA-2012-0086.html
Target: Red Hat 4 (openssl package)
+? PHP 'socket_connect()' Function Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47950
CVE-2011-1938
Target: PHP 5.x
Comment: This is somewhat old, but it appears not to have been reported.
- HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03179046%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
[ANNOUNCE] JMeter 2.6 is released
http://jmeter.apache.org/docs/changes.html
Multiple vulnerabilities in OpenEMR
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00003.html
802.1X password exploit on many HTC Android devices
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00001.html
ESA-2012-009: EMC Documentum Content Server privilege elevation vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00004.html
Security advisory for Bugzilla 4.2rc2, 4.0.4, 3.6.8 and 3.4.14
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00002.html
[Announce] Apache HTTP Server 2.2.22 Released
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00000.html
XSS phpLDAPadmin: 1.2.0.5 (Debian package) and 1.2.2 (sourceforge)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-02/msg00005.html
IPA Critical Infrastructure Information Security Symposium 2012
http://www.ipa.go.jp/security/event/2012/cip_sympo/index.html
IIJ expands DDoS mitigation capacity, withstanding attacks exceeding 1 Gbps
http://itpro.nikkeibp.co.jp/article/NEWS/20120201/379906/?ST=security
Debian : [DSA-2399-1] php5 - Multiple Issues
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37546
Hewlett-Packard : [HPSBMU02738 SSRT100748] HP - Network Automation - Unauthorized Access Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37547
Hewlett-Packard : [HPSBUX02737 SSRT100747] HP-UX - Denial-Of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37548
Ubuntu Security Notice : [USN-1351-1] AccountsService - Denial-Of-Service Issue
http://www.criticalwatch.com/support/security-advisories.aspx?AID=37545
ISC Feature of the Week: ISC Search
http://isc.sans.edu/diary.html?storyid=12496
Apple and Apache security fixes and releases
http://isc.sans.edu/diary.html?storyid=12502
RHSA-2012:0085 Critical: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2012-0085.html
Bugzilla Bugs Permit Remote Cross-Site Request Forgery and Remote Authenticated Account Impersonation Attacks
http://www.securitytracker.com/id/1026623
Novell iPrint 'attributes-natural-language' Buffer Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026618
Mozilla Thunderbird IPv6 Address Processing Lets Remote Users Bypass Same-Origin Restrictions to Obtain Error Messages
http://www.securitytracker.com/id/1026610
Mozilla Seamonkey IPv6 Address Processing Lets Remote Users Bypass Same-Origin Restrictions to Obtain Error Messages
http://www.securitytracker.com/id/1026609
RealNetworks RealPlayer Malformed AAC File Parsing Code Execution Vulnerability
http://www.securiteam.com/securitynews/5HP2V0A6AW.html
RealNetworks RealPlayer genr Sample Size Parsing Code Execution Vulnerability
http://www.securiteam.com/securitynews/5JP2X0A6AS.html
RealNetwork RealPlayer MPG Width Integer Underflow Code Execution Vulnerability
http://www.securiteam.com/securitynews/5KP2Y0A6AK.html
RealNetworks RealPlayer ATRC Code Data Parsing Code Execution Vulnerability
http://www.securiteam.com/securitynews/5IP2W0A6AC.html
VU#763355: 802.1X password exploit on many HTC Android devices
http://www.kb.cert.org/vuls/id/763355
OpenEMR File Inclusion and Command Injection Vulnerabilities
http://secunia.com/advisories/47781/
Red Hat update for thunderbird
http://secunia.com/advisories/47791/
Red Hat update for firefox
http://secunia.com/advisories/47789/
Red Hat update for thunderbird
http://secunia.com/advisories/47800/
MiTalk Messenger for Android Security Bypass Security Issue
http://secunia.com/advisories/47767/
Ubuntu update for accountsservice
http://secunia.com/advisories/47834/
phpShowtime Directory and Image File Disclosure Weakness
http://secunia.com/advisories/47802/
Pale Moon Multiple Vulnerabilities
http://secunia.com/advisories/47751/
MindManager Insecure Library Loading Vulnerability
http://secunia.com/advisories/47797/
GForge Community Edition / Advanced Server Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/47790/
ManageEngine Applications Manager Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/47724/
Red Hat update for seamonkey
http://secunia.com/advisories/47778/
Red Hat update for JBoss products
http://secunia.com/advisories/47793/
Ubuntu update for software-properties
http://secunia.com/advisories/47833/
Mozilla Firefox / Thunderbird Multiple Vulnerabilities
http://secunia.com/advisories/47839/
Mozilla SeaMonkey Multiple Vulnerabilities
http://secunia.com/advisories/47840/
Mozilla Firefox / Thunderbird Multiple Vulnerabilities
http://secunia.com/advisories/47816/
Emobile Pocket WiFi GP02 Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/47795/
Bugzilla Spoofing and Cross-Site Request Forgery Vulnerabilities
http://secunia.com/advisories/47814/
4images "cat_parent_id" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/47811/
Oracle Multiple Products Web Form Hash Collision Denial of Service Vulnerability
http://secunia.com/advisories/47819/
Pligg CMS 'status' Parameter SQL Injection Vulnerability
2012-12-29
http://www.securityfocus.com/bid/51273
PHP 'ZipArchive::addGlob' and 'ZipArchive::addPattern' Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/49252
Mozilla Firefox/SeaMonkey/Thunderbird XSLT Stylesheets Denial of Service Vulnerability
http://www.securityfocus.com/bid/51754
Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/49616
X.Org libXfont LZW Decompression 'BufCompressedFill()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/49124
libpng Malformed cHRM Divide-By-Zero Denial of Service Vulnerability
http://www.securityfocus.com/bid/49744
SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49778
PHP 'socket_connect()' Function Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47950
PHP Versions Prior to 5.3.7 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49241
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0447 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51757
Mozilla Firefox/SeaMonkey/Thunderbird XPConnect Security Check Cross Domain Scripting Vulnerability
http://www.securityfocus.com/bid/51752
Mozilla Firefox/SeaMonkey/Thunderbird Cross Domain Security Bypass Vulnerability
http://www.securityfocus.com/bid/51765
Mozilla Firefox/Thunderbird/SeaMonkey Ogg Vorbis Files Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51753