Tuesday, April 24, 2012
Tuesday the 24th, Shakkō (赤口)
+ RHSA-2012:0509 Moderate: wireshark security update
http://rhn.redhat.com/errata/RHSA-2012-0509.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1595
+ Google Chrome 18.0.1025.165 on Mac released
http://googlechromereleases.blogspot.jp/2012/04/stable-channel-update_23.html
+ nginx 1.2.0 stable version released
http://nginx.org/en/CHANGES
+ HPSBUX02768 SSRT100664 rev.1 - CIFS Server (Samba), Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03297338%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522
+ Dovecot 2.1.5 released
http://www.dovecot.org/list/dovecot-news/2012-April/000222.html
+ DBI 1.619 released
http://search.cpan.org/~timb/DBI/Changes#Changes_in_DBI_1.619_(svn_r15294)_23rd_April_2012
+ OpenLDAP 2.4.31 released
http://www.openldap.org/software/release/announce.html
http://www.openldap.org/software/release/changes.html
+ OpenSSL 0.9.8w released
http://www.openssl.org/news/
+ Linux Kernel 'xfrm6_tunnel_rcv()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1583
InterScan Messaging Security Virtual Appliance 8.2 repackaged edition: release announcement
http://www.trendmicro.co.jp/support/news.asp?id=1767
Translation of US government Protection Profiles
~ Security requirement specifications for the secure procurement of IT products ~
http://www.ipa.go.jp/security/publications/niap/spp-jp/index.html
Status of reports on vulnerability-related information for software and other products
[2012 Q1 (January to March)]
http://www.ipa.go.jp/security/vuln/report/vuln2012q1.html
Hitachi launches an authentication device for mobile terminals
http://itpro.nikkeibp.co.jp/article/NEWS/20120423/392794/?ST=security
FYI: We're now paying up to $20,000 for web vulns in our services
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00182.html
WebCalendar <= 1.2.4 Two Security Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00181.html
AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00180.html
AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00179.html
AST-2012-004: Asterisk Manager User Unauthorized Shell Access
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00178.html
ChurchCMS 0.0.1 admin.php Multiple SQLi
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00177.html
.NET Framework EncoderParameter integer overflow vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00176.html
[HITB-Announce] HITB Magazine Issue 008 (now with print edition!)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00174.html
XSS and Blind SQL Injection Vulnerabilities in ExponentCMS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00173.html
[Spam] Chengdu Bureau of Commerce - SQL Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00172.html
PSFTP v.1.8 Build 921 - Null Pointer (DoS) Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00170.html
[Suspected Spam] Havalite CMS v1.0.4 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00171.html
[Suspected Spam] IPhone TreasonSMS - HTML Inject & File Include Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00169.html
phpMyBible 0.5.1 Multiple XSS
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00168.html
HTC IQRD Android Permission Leakage (CVE-2012-2217)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00175.html
[ MDVSA-2012:063 ] libreoffice
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00167.html
[ MDVSA-2012:062 ] openoffice.org
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00166.html
[ MDVSA-2012:061 ] raptor
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00165.html
[SECURITY] [DSA 2455-1] typo3-src security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-04/msg00161.html
Adobe Acrobat and Reader 'newfunction' Remote Code Execution Vulnerability
http://www.securiteam.com/securitynews/5HP36206UU.html
Comments open for NIST-proposed updates to Digital Signature Standard
http://isc.sans.edu/diary.html?storyid=13033
Continued interest in Nikjju mass SQL injection campaign
http://isc.sans.edu/diary.html?storyid=13036
Asterisk SIP Channel Driver Lets Remote Authenticated Users Deny Service
http://www.securitytracker.com/id/1026963
Asterisk Heap Overflow in Skinny Channel Driver Lets Remote Authenticated Users Execute Arbitrary Code
http://www.securitytracker.com/id/1026962
Asterisk Manager Interface Lets Remote Authenticated Users Execute Shell Commands
http://www.securitytracker.com/id/1026961
NET-i ware Master and Storage Services Denial of Service Vulnerability
http://secunia.com/advisories/48825/
SUSE update for openssl
http://secunia.com/advisories/48916/
WordPress WP Survey And Quiz Tool Plugin "rowcount" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/48940/
WordPress Sharebar Plugin "status" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48908/
WordPress Multiple Vulnerabilities
http://secunia.com/advisories/48957/
IBM Tivoli Directory Server Web Admin Tool Cross-Site Scripting Vulnerability
http://secunia.com/advisories/48907/
Xunlei Thunder Insecure Library Loading Vulnerability
http://secunia.com/advisories/47864/
SUSE update for kernel
http://secunia.com/advisories/48964/
IBM Rational ClearQuest CQOle ActiveX Remote Execution Vulnerability
http://www.vupen.com/english/ADV-2012-0220.php
SumatraPDF Files Processing Two Memory Corruption Vulnerabilities
http://www.vupen.com/english/ADV-2012-0219.php
OpenSSL "asn1_d2i_read_bio()" ASN1 BIO Remote Memory Corruption
http://www.vupen.com/english/ADV-2012-0218.php
WordPress Privilege Escalation and Cross Site Scripting Vulnerabilities
http://www.vupen.com/english/ADV-2012-0217.php
RubyGems SSL Server Certificate Verification Failure Security Bypass
http://www.vupen.com/english/ADV-2012-0216.php
Ruby "RubyGems: SSL" Server Verification Failure Security Bypass
http://www.vupen.com/english/ADV-2012-0215.php
DoS/PoC: Mobipocket Reader 6.2 Build 608 Buffer Overflow
http://www.exploit-db.com/exploits/18774
DoS/PoC: SumatraPDF v2.0.1 .chm and .mobi Memory Corruption
http://www.exploit-db.com/exploits/18771
Linux Kernel CVE-2012-1090 CIFS 'umount' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52197
Linux Kernel 'Clone()' Function 'CLONE_IO' Flag Multiple Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/52152
Linux Kernel Regsets CVE-2012-1097 NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52274
Linux Kernel NFS Client 'decode_getacl()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50655
Linux Kernel 'xfrm6_tunnel_rcv()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53139
Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51176
Linux Kernel 'journal_get_superblock()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/50663
Linux Kernel 'memcg' NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52324
Linux Kernel epoll Subsystem 'eventpoll.c' Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/46630
Linux Kernel 'taskstats' Access Restriction Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/50314
Linux Kernel '__split_huge_page()' Race Condition Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52533
Linux Kernel 'journal_unmap_buffer()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51945
SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49778
FreeType Versions Prior to 2.4.0 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/41663
Samba SWAT Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/48899
QEMU KVM CVE-2012-0029 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51642
Oracle Sun Products Suite CVE-2012-0539 Local Solaris Vulnerability
http://www.securityfocus.com/bid/53120
libpng 'png_decompress_chunk()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52049
Wireshark Buffer Underflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/51710
Wireshark ANSI A MAP Files Denial of Service Vulnerability
http://www.securityfocus.com/bid/49071
Wireshark Versions Prior to 1.4.5/1.2.16 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/47392
Wireshark ERF File Parser Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/50486
Wireshark Versions Prior to 1.4.7/1.2.17 Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/48066
Wireshark 'ERF' data Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52737
Wireshark NTLMSSP NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46796
Wireshark Lucent/Ascend File Parser Denial of Service Vulnerability
http://www.securityfocus.com/bid/48506
Wireshark Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/51368
Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017
Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013
Oracle Java SE CVE-2012-0499 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52016
Oracle Java SE CVE-2011-3557 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50234
Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52011
Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014
Oracle Java SE CVE-2011-3560 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50236
Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018
Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012
Oracle Java SE CVE-2012-0498 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52019
Oracle Java SE Remote Java Runtime Environment Code Execution Vulnerability
http://www.securityfocus.com/bid/52161
@lex Guestbook Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/37706
Apple iOS FreeType CVE-2011-3439 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/50643
FreeType Compact Font Format (CFF) Multiple Stack Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/42241
FreeType BDF Font File Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/42624
FreeType TrueType Font Handling 'ttinterp.c' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/44643
FreeType Versions Prior to 2.4.9 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52318
FreeType Rendering Engine Position Value Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/43700
X.Org libXfont LZW Decompression 'BufCompressedFill()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/49124
FreeType Stack Buffer Overflow and Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/42285
FreeType Font Document Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/50155
FreeType 'seac' Calls Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/42621
Apple iOS for iPhone/iPad/iPod touch Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/42151
FreeType 'ft_var_readpackedpoints()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44214
RETIRED: Liferay Enterprise Portal Arbitrary File Download And Security Bypass Vulnerability
http://www.securityfocus.com/bid/53190
Samba 'Perl-Based DCE/RPC IDL' Compiler Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52973
RPM Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52865
libTIFF CVE-2012-1173 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52891
Gallery Multiple Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/52996
Quagga Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/52531
Raptor XML External Entity Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52681
ownCloud Password Reset Security Bypass Vulnerability
http://www.securityfocus.com/bid/53179
Oracle GlassFish Server Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53136
Asterisk Skinny Channel Driver Heap-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53210
WebCalendar Local File Include and PHP code Injection Vulnerabilities
http://www.securityfocus.com/bid/53207
Asterisk Shell Command Execution Security Bypass Vulnerability
http://www.securityfocus.com/bid/53206
Asterisk SIP Channel Driver Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53205
Microsoft .NET Framework Parameter Validation Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/53204
WP Survey And Quiz Tool for WordPress Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53203
WordPress Sharebar 'status' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53201
Mobipocket Reader '.CHM' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53200
Havalite Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53199
TreasonSMS HTML Injection And File Include Vulnerabilities
http://www.securityfocus.com/bid/53198
Sumatra PDF Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/53196
ExponentCMS Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/53195
IBM Tivoli Directory Server Web Admin Tool Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53194
Samsung NET-i ware Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/53193
Xunlei Thunder Insecure Library Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/53191
Mega File Manager 'name' Parameter Directory Traversal Vulnerability
http://www.securityfocus.com/bid/53189
ChurchCMS 'admin.php' Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/53209