Friday, June 22, 2012
Friday the 22nd, Senshō
+ Wireshark 1.8.0 released
http://www.wireshark.org/docs/relnotes/wireshark-1.8.0.html
+ Linux Kernel KVM 'kvm_set_irq()' Function Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54063
CVE-2012-2137
+ Apple iTunes '.m3u' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54113
[Update] Notice of release of the Virus Buster Corporate Edition 10.6 repack version
http://www.trendmicro.co.jp/support/news.asp?id=1799
Advanced malware "Flame" was jointly developed by the United States and Israel, US newspaper reports
http://itpro.nikkeibp.co.jp/article/NEWS/20120621/404349/?ST=security
UPDATE: JVNTA12-164A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA12-164A/index.html
JVNDB-2012-002806 Vulnerability in multiple Innominate Security Technologies products allowing HTTPS or SSH server spoofing
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002806.html
JVNDB-2012-002127 User account issue in Rugged Operating System (ROS)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002127.html
JVNDB-2012-002805 Integer overflow vulnerability in filter/source/msfilter/msdffimp.cxx in OpenOffice.org and LibreOffice
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002805.html
JVNDB-2012-002804 Vulnerability in APT allowing installation of modified packages
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002804.html
JVNDB-2012-002803 Vulnerability in Update Manager as used in Ubuntu allowing repository certificates to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002803.html
JVNDB-2012-002802 Buffer overflow vulnerability in Spamdyke
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002802.html
JVNDB-2012-002801 Vulnerability in hagent.exe in Wyse Device Manager allowing administrative access to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002801.html
JVNDB-2012-002800 Buffer overflow vulnerability in Wyse Device Manager
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002800.html
JVNDB-2012-002799 Denial-of-service (DoS) vulnerability in the socketpair function in IBM AIX and VIOS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002799.html
JVNDB-2012-002798 Denial-of-service (DoS) vulnerability in the DRDA module in IBM DB2
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002798.html
JVNDB-2012-002797 Buffer overflow vulnerability in an ActiveX control in IBM Lotus iNotes
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002797.html
JVNDB-2012-002796 Arbitrary code execution vulnerability in the URL handler in IBM Lotus Notes
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002796.html
JVNDB-2012-002795 Vulnerability in the ODBC driver in IBM Security AppScan Source allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002795.html
JVNDB-2012-002794 Vulnerability in IBM WebSphere Application Server allowing sensitive client information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002794.html
JVNDB-2012-002793 Cross-site scripting vulnerability in deferredView.jsp in IBM Eclipse Help System
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002793.html
JVNDB-2012-002792 Open redirect vulnerability in IBM Eclipse Help System
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002792.html
JVNDB-2012-002791 Cross-site scripting vulnerability in IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002791.html
JVNDB-2012-002790 Vulnerability in IBM WebSphere Application Server allowing X.509 client certificate authentication to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002790.html
JVNDB-2012-002789 Cross-site scripting vulnerability in the administrative console of IBM WebSphere Application Server
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002789.html
JVNDB-2012-002788 Directory traversal vulnerability in the Newsletter plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002788.html
JVNDB-2012-002787 Vulnerability in APT allowing installation of Trojan horse packages
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002787.html
JVNDB-2012-002786 Denial-of-service (DoS) vulnerability in chan_skinny.c in Asterisk Open Source
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002786.html
JVNDB-2012-002785 Vulnerability in multiple Check Point products allowing privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002785.html
CORE-2012-0530 - Lattice Diamond Programmer Buffer Overflow
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00135.html
[ MDVSA-2012:099 ] net-snmp
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00134.html
Mybb 1.6.8 announcements.php Sql Injection Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00133.html
[ MDVSA-2012:098 ] libxml2
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00132.html
[SECURITY] [DSA 2497-1] quagga security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00131.html
ISC BIND Security Bypass Vulnerability
http://www.securiteam.com/securitynews/5ZP3G0A7FA.html
Cisco Security Advisories 20 JUN 2012
http://isc.sans.edu/diary.html?storyid=13516
Print Bomb? (Take 2)
http://isc.sans.edu/diary.html?storyid=13519
Analysis of drive-by attack sample set
http://isc.sans.edu/diary.html?storyid=13522
IBM System Storage Input Validation Flaws in Manager Profiler Permit Cross-Site Scripting and SQL Injection Attacks
http://www.securitytracker.com/id/1027194
IBM AIX Symlink Flaw in libodm Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027193
Huawei HG866 Authentication Bypass Vulnerability
http://secunia.com/advisories/49575/
WordPress Mac Photo Gallery Plugin "albid" Arbitrary File Disclosure Vulnerability
http://secunia.com/advisories/49650/
Cisco Adaptive Security Appliances Denial of Service Vulnerability
http://secunia.com/advisories/49647/
Cisco ACE Products Security Bypass Weakness
http://secunia.com/advisories/49646/
Winamp AVI / IT File Processing Vulnerabilities
http://secunia.com/advisories/46624/
WordPress Nmedia MailChimp Plugin "abs_path" Remote File Inclusion Vulnerability
http://secunia.com/advisories/49538/
Globus Toolkit GridFTP Server Invalid User Authentication Security Bypass
http://secunia.com/advisories/49661/
F5 Products BIND Recursive Query Processing Denial of Service Vulnerability
http://secunia.com/advisories/49663/
F5 Products Multiple Vulnerabilities
http://secunia.com/advisories/49478/
Gentoo update for wicd
http://secunia.com/advisories/49657/
Gentoo update for nginx
http://secunia.com/advisories/49655/
LiveStreet CMS "ts" Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/49639/
PD Products Two SQL Injection Vulnerabilities
http://secunia.com/advisories/49623/
ACDsee Pro Multiple Image Parsing Vulnerabilities
http://secunia.com/advisories/48804/
Debian update for quagga
http://secunia.com/advisories/48969/
F5 Products BIND DNS Resource Records Handling Vulnerability
http://secunia.com/advisories/49662/
XnView Multiple Image Decompression Vulnerabilities
http://secunia.com/advisories/48666/
AdNovum nevisProxy Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49642/
InfoSphere Guardium S-TAP Denial of Service Vulnerability
http://secunia.com/advisories/49638/
IBM AIX libodm Insecure File Creation Vulnerability
http://secunia.com/advisories/49618/
Commentics Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/49659/
Red Hat update for JBoss Enterprise Products
http://secunia.com/advisories/49656/
Red Hat update for JBoss Enterprise Products
http://secunia.com/advisories/49658/
Adiscon LogAnalyzer "highlight" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49574/
Gentoo update for asterisk
http://secunia.com/advisories/49536/
Gentoo update for openjpeg
http://secunia.com/advisories/49458/
IBM System Storage Products Storage Manager Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/49582/
eSyndiCat Directory Software Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/49558/
Cisco AnyConnect VPN Client Two Vulnerabilities
http://secunia.com/advisories/49645/
REMOTE: Apple iTunes <= 10.6.1.7 Extended m3u Stack Buffer Overflow
http://www.exploit-db.com/exploits/19322/
IBM System Storage DS Storage Manager Profiler Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012060257
traq-2.3.5 CSRF,XSS,SQL
http://cxsecurity.com/issue/WLB-2012060256
Drupal 7.x-1.3 Privatemsg Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060255
Pidgin 'silc_private_message()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/49912
Libpurple MSN-SLP Emoticon Directory Traversal Vulnerability
http://www.securityfocus.com/bid/37524
MediaWiki Versions Prior to 1.16.3 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/47354
MediaWiki CSS Comments Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/46108
MediaWiki 'profileinfo.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/42024
MediaWiki 1.16.4 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/47722
MediaWiki Multiple Local File Include Vulnerabilities
http://www.securityfocus.com/bid/46451
MediaWiki 'api.php' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/42019
Wicd 'wicd/configmanager.py' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51703
Wicd 'SetWirelessProperty()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/52987
ejabberd XML Parsing Denial of Service Vulnerability
http://www.securityfocus.com/bid/48072
ejabberd 'mod_pubsub' Module Denial of Service Vulnerability
http://www.securityfocus.com/bid/50737
ejabberd 'client2server' Message Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/38003
nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52999
OpenJPEG '.jpeg' File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52654
Linux Kernel Reliable Datagram Sockets (RDS) CVE-2012-2372 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/54062
MacVTap Device Driver Local Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53165
Linux Kernel DRM 'drivers/gpu/drm/crm_crtc.c' IOCTL Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51371
Asterisk SCCP Skinny Channel Driver Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53723
Asterisk IAX2 Channel Driver Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53722
Asterisk Shell Command Execution Security Bypass Vulnerability
http://www.securityfocus.com/bid/53206
Asterisk Skinny Channel Driver Heap-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53210
Asterisk SIP Channel Driver Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53205
Linux Kernel CVE-2012-2373 Race Condition Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53614
Linux Kernel 'sock_alloc_send_pskb()' Function Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53721
Linux kernel fcaps Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/53166
Linux Kernel KVM 'kvm_set_irq()' Function Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54063
KVM CVE-2012-2121 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53162
Linux Kernel '__split_huge_page()' Race Condition Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52533
Globus Toolkit GridFTP 'getpwnam_r()' Security Bypass Vulnerability
http://www.securityfocus.com/bid/53778
Net-SNMP SNMP GET Request Denial of Service Vulnerability
http://www.securityfocus.com/bid/53255
IBM DB2 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53873
Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54107
Google Chrome Prior to 19 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53540
WordPress Schreikasten Plugin 'name' or 'contact' Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/54144
Traq 'plugin' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54143
WordPress Nmedia MailChimp Plugin 'abs_path' Parameter Remote File Include Vulnerability
http://www.securityfocus.com/bid/54141
Joomla! 'com_szallasok' Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/54140
ACDsee Pro Multiple Image Parsing Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/54138
Huawei HG866 'password.html' Security Bypass Vulnerability
http://www.securityfocus.com/bid/54137
Winamp AVI / IT File Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/54131
MyBB 'announcements.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/54130
WordPress Mac Photo Gallery Plugin 'albid' Parameter Remote File Disclosure Vulnerability
http://www.securityfocus.com/bid/54128
AdNovum nevisProxy Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54127
XnView Multiple Image Decompression Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/54125
IBM InfoSphere Guardium Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/54123
IBM AIX Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/54122
LiveStreet Multiple Cross Site Scripting And Path Disclosure Vulnerabilities
http://www.securityfocus.com/bid/54120
Adiscon LogAnalyzer Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54117
Apple iTunes '.m3u' File Remote Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54113