Tuesday, June 19, 2012

Tuesday the 19th, Senbu


+ RHSA-2012:0743 Important: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-0743.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2373

+ RHSA-2012:0744 Moderate: python security update
http://rhn.redhat.com/errata/RHSA-2012-0744.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1150

+ CentOS alert CESA-2012:0745 (python)
http://lwn.net/Alerts/502437/

+ CentOS alert CESA-2012:0744 (python)
http://lwn.net/Alerts/502451/

+ MFSA 2012-41 Use-after-free in nsHTMLSelectElement
http://www.mozilla.org/security/announce/2012/mfsa2012-41.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3671

+ PDFCreator 1.4.1 released
http://www.pdfforge.org/

+ RHSA-2012:0745 Moderate: python security update
http://rhn.redhat.com/errata/RHSA-2012-0745.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1150

+ SA49631 Symantec LiveUpdate Administrator Insecure File Permissions
http://secunia.com/advisories/49631/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0304

+ Oracle MySQL CVE-2012-0583 Remote MySQL Server Vulnerability
http://www.securityfocus.com/bid/53061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0583

+ Linux Kernel KVM 'kvm_set_irq()' Function Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2137

+ Linux Kernel Reliable Datagram Sockets (RDS) CVE-2012-2372 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/54062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2372

Check Point response to "Off-Path TCP Sequence Number Inference Attack"
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk74640&src=securityAlerts

Endpoint Connect (EPC) DLL hijacking vulnerability
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk76480&src=securityAlerts

Announcement of the release of Trend Micro Deep Security 7.5 Service Pack 4
http://www.trendmicro.co.jp/support/news.asp?id=1798

Workarounds for a vulnerability in Microsoft Windows and other products
(KB2719615) (CVE-2012-1889)
http://www.ipa.go.jp/security/ciadr/vul/20120618-windows.html

DC4420 - London DEFCON - June meet - Tuesday June 19th 2012
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00112.html

SEC Consult SA-20120618-1 :: Airlock WAF overlong UTF-8 sequence bypass
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00111.html

SEC Consult SA-20120618-0 :: Western Digital ShareSpace WEB GUI Sensitive Data Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00110.html

[ MDVSA-2012:095 ] java-1.6.0-openjdk
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00109.html

[ MDVSA-2012:094 ] clamav
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00108.html

Squiz CMS Multiple Vulnerabilities - Security Advisory - SOS-12-007
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00107.html

QNAP Turbo NAS Multiple Vulnerabilities - Security Advisory
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00106.html

[SECURITY] [DSA 2495-1] openconnect security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00103.html

[Suspected Spam] Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00104.html

Webify Product Series - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00102.html

News Script PHP v1.2 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00101.html

Trend Micro enters SSL certificate issuance with a flat rate of 400,000 yen per year
http://itpro.nikkeibp.co.jp/article/NEWS/20120618/403421/?ST=security

JVNVU#162931 Update for multiple vulnerabilities in Java for Mac OS
http://jvn.jp/cert/JVNVU162931/index.html

JVNDB-2012-001979 Vulnerability in VMware ESXi and ESX that allows guest OS privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001979.html

JVNDB-2012-002742 Denial-of-service (guest OS crash) vulnerability in multiple VMware products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002742.html

JVNDB-2012-002741 Vulnerability in multiple VMware products that allows arbitrary code execution on the host OS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002741.html

JVNDB-2012-002740 Denial-of-service (application crash) vulnerability in Opera
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002740.html

JVNDB-2012-002739 Denial-of-service (memory consumption or application hang) vulnerability in Opera
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002739.html

JVNDB-2012-002738 Denial-of-service (application hang) vulnerability in Opera
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002738.html

JVNDB-2012-002737 Denial-of-service (application crash) vulnerability in Opera
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002737.html

JVNDB-2012-002736 Denial-of-service (application hang) vulnerability in Opera
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002736.html

JVNDB-2012-002735 Denial-of-service (application crash) vulnerability in Opera
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002735.html

JVNDB-2012-002734 Denial-of-service (application crash) vulnerability in Opera
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002734.html

JVNDB-2012-002733 Arbitrary code execution vulnerability in Opera
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002733.html

JVNDB-2012-002732 Vulnerability in Opera that allows spoofing attacks to be carried out
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002732.html

JVNDB-2012-002731 Vulnerability in Opera running on Mac OS X
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002731.html

JVNDB-2012-002730 Vulnerability in Opera that exposes users to spoofing attacks
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002730.html

JVNDB-2012-002729 Vulnerability in Opera that allows sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002729.html

JVNDB-2012-002728 Cross-site scripting vulnerability in Opera
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002728.html

JVNDB-2012-002727 Vulnerability in Opera that allows cross-site scripting attacks to be carried out
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002727.html

JVNDB-2012-002726 Vulnerability in ioquake3 that allows arbitrary files to be overwritten
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002726.html

JVNDB-2012-002694 Arbitrary code execution vulnerability in Microsoft XML Core Services
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002694.html

CVE-2012-1875 exploit is now available
http://isc.sans.edu/diary.html?storyid=13495

Symantec LiveUpdate Administrator Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027182

PHPlist Input Validation Flaws Permit Cross-Site Scripting and SQL Injection Attacks
http://www.securitytracker.com/id/1027181

REMOTE: Ezhometech Ezserver 6.4 Stack Overflow Exploit
http://www.exploit-db.com/exploits/19266

DoS/PoC: Total Video Player 1.31 .m3u Crash PoC
http://www.exploit-db.com/exploits/19265

Samsung AllShare HTTP Header Processing Denial of Service Vulnerability
http://secunia.com/advisories/49209/

Innominate mGuard Weak Entropy Key Generation Weakness
http://secunia.com/advisories/49632/

WordPress LB Mixed Slideshow Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49610/

SUSE update for python-tornado
http://secunia.com/advisories/49231/

WordPress Automatic Plugin "q" SQL Injection Vulnerability
http://secunia.com/advisories/49573/

Joomla! Maian Media Component Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49613/

WordPress Lim4wp Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49609/

WordPress Wp-ImageZoom Plugin Arbitrary File Disclosure Vulnerability
http://secunia.com/advisories/49612/

SUSE update for MozillaFirefox
http://secunia.com/advisories/49641/

Joomla! Dione FileUploader Module Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49614/

WordPress MegaThemes Themes Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49611/

UseResponse Multiple Vulnerabilities
http://secunia.com/advisories/49577/

Gentoo update for opera
http://secunia.com/advisories/49634/

NOCC Email Body Script Insertion Vulnerability
http://secunia.com/advisories/49555/

IBM WebSphere Application Server iehs Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49654/

Ubuntu update for linux-ti-omap4
http://secunia.com/advisories/49633/

Oracle Java SE CVE-2012-1719 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53950

Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951

Oracle Java SE CVE-2012-1723 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53960

Oracle Java SE CVE-2012-1713 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53946

Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952

Oracle Java SE CVE-2012-1716 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53947

Oracle Java SE CVE-2012-1711 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53949

Oracle Java SE CVE-2012-1725 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53954

Oracle Java SE CVE-2012-1724 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53958

BlazeVideo BlazeDVD Professional '.PLF' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/35918

PostgreSQL Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52188

Linux Kernel '__split_huge_page()' Race Condition Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52533

Linux Kernel DRM 'drivers/gpu/drm/crm_crtc.c' IOCTL Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51371

Linux Kernel 'sock_alloc_send_pskb()' Function Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53721

MacVTap Device Driver Local Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53165

Linux kernel fcaps Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/53166

Linux Kernel CVE-2012-2373 Race Condition Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53614

KVM CVE-2012-2121 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53162

FFmpeg Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/51720

FFmpeg Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/51307

FFmpeg libavcodec 'vqavideo.c' '.vaq' File Heap Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53389

Oracle MySQL CVE-2012-1690 Remote MySQL Server Vulnerability
http://www.securityfocus.com/bid/53074

Oracle MySQL CVE-2012-2122 User Login Security Bypass Vulnerability
http://www.securityfocus.com/bid/53911

Oracle MySQL CVE-2012-1688 Remote MySQL Server Vulnerability
http://www.securityfocus.com/bid/53067

Oracle MySQL CVE-2012-1703 Remote MySQL Server Vulnerability
http://www.securityfocus.com/bid/53058

Rugged Operating System Backdoor Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/53215

Asterisk IAX2 Channel Driver Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53722

ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53772

Raptor XML External Entity Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52681

XnView FPX / ECW / RAS Image Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54030

iScripts EasyCreate HTML Injection and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/54034

Multiple AntiVirus Products CVE-2012-1458 CHM File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/52611

Multiple AntiVirus Products CVE-2012-1459 TAR File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/52623

Multiple AntiVirus Products CVE-2012-1457 TAR File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/52610

MMPlayer '.m3u' and '.ppl' Files Multiple Local Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/52698

Ruby on Rails CVE-2012-2660 SQL Injection Vulnerability
http://www.securityfocus.com/bid/53754

Java Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51236

Ruby on Rails Active Record SQL Injection Vulnerability
http://www.securityfocus.com/bid/53753

PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53455

libpng 'png_set_text_2()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52830

libgssglue 'GSSAPI_MECH_CONF' Environment Variable Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/48490

Microsoft XML Core Services CVE-2012-1889 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53934

Intel CPU Hardware Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53856

Total Video Player '.m3u'/'.mp3'/'.avi' File Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54065

MyTickets 'define.php' Script SQL Injection Vulnerability
http://www.securityfocus.com/bid/54064

WordPress Automatic 'q' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/54061

Revelation Multiple Security Weaknesses
http://www.securityfocus.com/bid/54060

WordPress Lim4wp 'upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/54059

WordPress Wp-ImageZoom 'file' Parameter Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/54058

WordPress LB Mixed Slideshow Plugin 'upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/54057

Ezhometech EzServer 'GET' Request Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54056

Samsung AllShare 'Content-Length' HTTP Header Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/54055

WordPress Multiple Themes 'upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/54052
