Thursday, June 14, 2012
The 14th, Thursday, Butsumetsu
+ RHSA-2012:0729 Critical: java-1.6.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2012-0729.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1725
+ RHSA-2012:0731 Moderate: expat security update
http://rhn.redhat.com/errata/RHSA-2012-0731.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148
+ CentOS alert CESA-2012:0721 (kernel)
http://lwn.net/Alerts/501786/
+ HPSBOV02774 SSRT100684 rev.1 - HP TCP/IP Services for OpenVMS, BIND 9 Resolver, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03312535%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313
+ HPSBUX02789 SSRT100824 rev.1 - HP-UX CIFS Server (Samba), Remote Execution of Arbitrary Code, Elevation of Privileges
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03365218%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2111
+ PSN-2012-06-613: 2012-06 Security Bulletin: MediaFlow Controller (MFC): SSL server allows connections without encryption
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-06-613&viewMode=view
+ PSN-2012-06-612: 2012-06 Security Bulletin: IDP: Perl interpreter access vulnerability
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-06-612&viewMode=view
+ PSN-2012-06-611: 2012-06 Security Bulletin: Mobility System Software (MSS): Parameter is not properly sanitized allowing XSS
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-06-611&viewMode=view
+ PSN-2012-06-610: 2012-06 Security Bulletin: Secure Access: (SA): Open redirect issue
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-06-610&viewMode=view
+ RHSA-2012:0730 Important: java-1.6.0-openjdk security update
http://rhn.redhat.com/errata/RHSA-2012-0730.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1716
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1725
IPA Technical Watch
Report on "Vulnerabilities in Android Apps"
~ Using a simple checklist to check the points where vulnerabilities are easily introduced ~
http://www.ipa.go.jp/about/technicalwatch/20120613.html
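Dangerous vulnerabilities in Windows, IE and other products; attacks exploiting them have already appeared
Risk of harm from merely receiving data or accessing the Web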
http://itpro.nikkeibp.co.jp/article/NEWS/20120614/402403/?ST=security
[Interop 2012] "Shutting out user devices is a 'fairy tale'," says Boeing's security VP
http://itpro.nikkeibp.co.jp/article/NEWS/20120613/402230/?ST=security
IPA publishes a checklist for secure Android app development
http://itpro.nikkeibp.co.jp/article/NEWS/20120613/402227/?ST=security
JVNVU#649219 Privilege escalation vulnerability in 64-bit OSes and virtualization environments running on Intel CPUs
http://jvn.jp/cert/JVNVU649219/index.html
JVNTA12-164A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA12-164A/index.html
Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00068.html
[SE-2012-01] Regarding Oracle's Critical Patch Update for Java SE
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00067.html
[CAL-2012-0023]Microsoft IE Developer Toolbar Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00066.html
[CAL-2012-0026] Microsoft IE Same ID Property Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00065.html
CVE-2012-1661 - ESRI ArcMap arbitrary code execution via crafted map file.
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00064.html
APPLE-SA-2012-06-12-1 Java for OS X 2012-004 and Java for Mac OS X 10.6 Upda
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00063.html
ZDI-12-093 : (Pwn2Own) Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00062.html
[SECURITY] [DSA 2493-1] asterisk security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00061.html
US-CERT Alert TA12-164A -- Microsoft Updates for Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/Cert/2012-06/msg00001.html
JVNDB-2012-002668 Vulnerability in the Adobe Flash Player and Adobe AIR installers that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002668.html
JVNDB-2012-002667 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002667.html
JVNDB-2012-000046 Vulnerability in Flash Player due to a flawed same-origin policy implementation
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000046.html
JVNDB-2012-002666 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002666.html
JVNDB-2012-002665 Integer overflow vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002665.html
JVNDB-2012-002664 Stack-based buffer overflow vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002664.html
JVNDB-2012-002663 Arbitrary code execution vulnerability in Adobe Flash Player and Adobe AIR
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002663.html
JVNDB-2012-002245 Arbitrary code execution vulnerability in WebKit in Apple products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002245.html
JVNDB-2012-002669 Cross-site request forgery vulnerability in BMC Identity Management Suite
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002669.html
JVNDB-2012-002652 Cross-site scripting vulnerability in ForeScout CounterACT
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002652.html
ICANN "Reveal Day" Lists new TLD Applications
http://isc.sans.edu/diary.html?storyid=13465
Microsoft Certificate Updater
http://isc.sans.edu/diary.html?storyid=13468
ArcGIS Desktop User Warning Bypass Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027170
Xen AMD Processing Flaw Lets Local Guest System Users Deny Service
http://www.securitytracker.com/id/1027168
Xen Syscall Exception Handling Error Lets Local Guest Users Deny Service
http://www.securitytracker.com/id/1027167
Xen System Call Return Value Validation Flaw Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027166
FreeBSD Kernel System Call Return Value Validation Flaw Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027164
Citrix XenServer Lets Local Users Gain Elevated Privileges and Cause Denial of Service Conditions
http://www.securitytracker.com/id/1027163
Ruby on Rails Input Validation Flaw in Active Record Lets Remote Users Make Unsafe SQL Queries
http://www.securitytracker.com/id/1027162
Ruby on Rails Input Validation Flaw in Active Record Lets Remote Users Inject SQL Commands
http://www.securitytracker.com/id/1027161
F5 FirePass Controller Input Validation Flaw Lets Remote Users Inject SQL Commands
http://www.securitytracker.com/id/1027158
VU#709939 Bradford Network Sentry v5.3 NS500 appliance contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/709939
Apple iTunes 10.6.1.7 M3U Playlist Buffer Overflow
http://cxsecurity.com/issue/WLB-2012060148
PHP 5.4.3 PDO Access Violation
http://cxsecurity.com/issue/WLB-2012060147
MySQL Remote Root Authentication Bypass
http://cxsecurity.com/issue/WLB-2012060146
HP Server Automation Linux/SunOS arbitrary code execution
http://cxsecurity.com/issue/WLB-2012060145
F5 BIG-IP SSH Private Key Exposure
http://cxsecurity.com/issue/WLB-2012060144
Edimax IC-3030iWn Authentication Bypass
http://cxsecurity.com/issue/WLB-2012060143
o0mBBS 0.65B SQL Injection
http://cxsecurity.com/issue/WLB-2012060142
Zimplit CMS 3.0 CSRF / LFI / Shell Upload
http://cxsecurity.com/issue/WLB-2012060141
Photo Collection 1.5 SQL Injection
http://cxsecurity.com/issue/WLB-2012060140
WordPress Foxypress Arbitrary Code Execution
http://cxsecurity.com/issue/WLB-2012060139
Joomla Joomsport SQL Injection / Shell Upload
http://cxsecurity.com/issue/WLB-2012060138
WordPress Top Quark Architecture 2.10 Shell Upload
http://cxsecurity.com/issue/WLB-2012060136
WordPress Wp-Gpx-Map 1.1.21 Shell Upload
http://cxsecurity.com/issue/WLB-2012060136
WordPress User Meta 1.1.1 Shell Upload
http://cxsecurity.com/issue/WLB-2012060135
WordPress Custom Content Type Manager 0.9.5.13-pl Shell Upload
http://cxsecurity.com/issue/WLB-2012060134
Bradford Network Sentry Multiple Vulnerabilities
http://secunia.com/advisories/47478/
WordPress kk Star Ratings Plugin "root" File Inclusion Vulnerability
http://secunia.com/advisories/49537/
Apple Mac OS X update for Java
http://secunia.com/advisories/49542/
Oracle JavaFX 2D Unspecified Code Execution Vulnerability
http://secunia.com/advisories/49475/
Oracle Java Multiple Vulnerabilities
http://secunia.com/advisories/49472/
FreeBSD 64-bit Mode Sanity Check Privilege Escalation Vulnerability
http://secunia.com/advisories/49518/
Ruby on Rails Nested Query Parameters SQL Injection Vulnerability
http://secunia.com/advisories/49457/
Joomla! Art Uploader Module Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49531/
Quest Webthority Unspecified Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/49520/
Red Hat update for JBoss Operations Network
http://secunia.com/advisories/49495/
WordPress NS Utilities Plugin Unspecified Vulnerability
http://secunia.com/advisories/49476/
AdSpy Pro Settings Security Bypass Vulnerability
http://secunia.com/advisories/49477/
Debian update for asterisk
http://secunia.com/advisories/49469/
SPIP Two Unspecified Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/49483/
Red Hat update for flash-plugin
http://secunia.com/advisories/49496/
Red Hat update for kernel
http://secunia.com/advisories/49500/
SUSE update for xen
http://secunia.com/advisories/49540/
IBM DB2 Multiple Vulnerabilities
http://secunia.com/advisories/49474/
FreeBSD update for bind
http://secunia.com/advisories/49549/
Rocket U2 UniData UniRPC Command Execution Vulnerability
http://secunia.com/advisories/49479/
Ubuntu update for linux
http://secunia.com/advisories/49547/
Ubuntu update for linux
http://secunia.com/advisories/49548/
WordPress Annonces Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49488/
Adobe ColdFusion HTTP Response Splitting Vulnerability
http://secunia.com/advisories/49517/
REMOTE: F5 BIG-IP SSH Private Key Exposure
http://www.exploit-db.com/exploits/19099
REMOTE: F5 BIG-IP Remote Root Authentication Bypass Vulnerability
http://www.exploit-db.com/exploits/19091
DoS/PoC: Apple iTunes 10.6.1.7 M3U Playlist File Walking Heap Buffer Overflow
http://www.exploit-db.com/exploits/19098