Friday, June 29, 2012
Friday the 29th, Tomobiki
+ Google Chrome 20.0.1132.47 released
http://googlechromereleases.blogspot.jp/2012/06/beta-and-stable-channel-update.html
+ CentOS alert CESA-2012:1045 (php)
http://lwn.net/Alerts/504054/
+ CentOS alert CESA-2012:1047 (php53)
http://lwn.net/Alerts/504055/
Notice of release of ServerProtect for Linux 3.0 programs dedicated to Red Hat Enterprise Linux 6 and to CentOS 6
http://www.trendmicro.co.jp/support/news.asp?id=1796
Advisory: Sophos Endpoint v 9.5 and 9.7: automatic upgrade to v 10, reboot required
http://www.sophos.com/en-us/support/knowledgebase/117480.aspx
Advisory: Upgrade to Sophos Anti-Virus for Mac, version 8
http://www.sophos.com/en-us/support/knowledgebase/116709.aspx
Canon IT Solutions: comprehensive security software for Android
http://itpro.nikkeibp.co.jp/article/NEWS/20120628/406086/?ST=security
Hitachi Solutions turns DB firewall deployment SI into a service menu
http://itpro.nikkeibp.co.jp/article/NEWS/20120628/405976/?ST=security
JVNDB-2012-002895 Authentication bypass vulnerability in sql/password.c in Oracle MySQL and MariaDB
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002895.html
JVNDB-2012-002894 Vulnerability allowing privileges to be gained in the default sendmail configuration of IBM AIX and VIOS
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002894.html
JVNDB-2012-002893 Integer overflow vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002893.html
JVNDB-2012-002892 Buffer overflow vulnerability in the JS API of the PDF functionality in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002892.html
JVNDB-2012-002891 Denial-of-service (DoS) vulnerability in the image codecs of the PDF functionality in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002891.html
JVNDB-2012-002890 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002890.html
JVNDB-2012-002889 Denial-of-service (invalid pointer use) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002889.html
JVNDB-2012-002888 Denial-of-service (DoS) vulnerability in the Cascading Style Sheets implementation in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002888.html
JVNDB-2012-002887 Integer overflow vulnerability in the PDF functionality in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002887.html
JVNDB-2012-002886 Denial-of-service (DoS) vulnerability in the UI of Google Chrome running on Mac OS X
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002886.html
JVNDB-2012-002885 Denial-of-service (out-of-bounds read) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002885.html
JVNDB-2012-002884 Denial-of-service (invalid read operation) vulnerability in the XSL implementation in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002884.html
JVNDB-2012-002883 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002883.html
JVNDB-2012-002882 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002882.html
JVNDB-2012-002881 Denial-of-service (DoS) vulnerability in the PDF functionality in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002881.html
JVNDB-2012-002880 Vulnerability in the handling of text display in autofill in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002880.html
JVNDB-2012-002879 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002879.html
JVNDB-2012-002878 Denial-of-service (DoS) vulnerability in texSubImage2D in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002878.html
JVNDB-2012-002877 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002877.html
JVNDB-2012-002876 Denial-of-service (DoS) vulnerability in Google Chrome
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002876.html
JVNDB-2012-002875 Denial-of-service (process interference) vulnerability in Google Chrome running on Windows
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002875.html
JVNDB-2012-002874 Vulnerability in Google Chrome allowing sensitive information to be obtained from fragment identifiers
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002874.html
JVNDB-2012-002873 Integer overflow vulnerability in libxml2 as used in Google Chrome on 64-bit Linux platforms
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002873.html
JVNDB-2012-002872 Vulnerability in Google Chrome allowing privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002872.html
ZDI-12-113 : IBM Rational ClearQuest CQOle ActiveX Control Remote Code Execution Vulnerabili
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00187.html
ZDI-12-112 : SAP Netweaver ABAP msg_server.exe Parameter Name Remote Code Execution Vulnerab
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00186.html
ZDI-12-111 : SAP Netweaver ABAP msg_server.exe Opcode 0x43 Remote Code Execution Vulnerabili
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00185.html
ZDI-12-110 : Mozilla Firefox AttributeChildRemoved Use-After-Free Remote Code Execut
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00184.html
ZDI-12-108 : Apple Quicktime TeXML sampleData Element Parsing Remote Code Execution Vulnerab
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00182.html
ZDI-12-109 : Apple Quicktime TeXML Karaoke Element Parsing Remote Code Execution Vulnerabili
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00183.html
ZDI-12-107 : Apple Quicktime TeXML Style Element Parsing Remote Code Execution Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00181.html
[SECURITY] [DSA 2504-1] libspring-2.5-java security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00180.html
[SECURITY] [DSA 2503-1] bcfg2 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00179.html
ZDI-12-106 : Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulner
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00178.html
[security bulletin] HPSBPI02794 SSRT100542 rev.1 - Certain HP Photosmart Printers, Remote Denial
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00177.html
Massive spike in BGP traffic - Possible BGP poisoning?
http://isc.sans.edu/diary.html?storyid=13579
ISC Feature of the Week: About the Internet Storm Center
http://isc.sans.edu/diary.html?storyid=13582
WordPress Job Manager Plugin Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/49756/
PHP-Fusion Advanced MP3 Player Module Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49735/
IBM Integrated Information Core Multiple Vulnerabilities
http://secunia.com/advisories/49668/
WordPress Multiple Vulnerabilities
http://secunia.com/advisories/49726/
web@all Cross-Site Request Forgery and Scripting Vulnerabilities
http://secunia.com/advisories/49529/
HP Photosmart Printers Denial of Service Vulnerability
http://secunia.com/advisories/49739/
IBM Rational ClearQuest Cross-Site Scripting and Information Disclosure Vulnerabilities
http://secunia.com/advisories/49681/
SUSE update for kernel
http://secunia.com/advisories/49736/
Drupal Hashcash Module Invalid Token Script Insertion Vulnerability
http://secunia.com/advisories/49683/
bcfg2 Trigger Plugin Command Injection Vulnerability
http://secunia.com/advisories/49629/
Red Hat update for php53
http://secunia.com/advisories/49731/
Red Hat update for php
http://secunia.com/advisories/49730/
Cisco WebEx Player WRF Processing Multiple Vulnerabilities
http://secunia.com/advisories/49750/
Red Hat update for php
http://secunia.com/advisories/49599/
Cisco WebEx Player ARF Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/49751/
Mini-stream URL Hunter Playlist Buffer Overflow
http://secunia.com/advisories/49512/
Symantec Web Gateway 5.0.2.8 Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012060334
Symantec PcAnywhere login and password field buffer overflow
http://cxsecurity.com/issue/WLB-2012060333
VLC 2.0.1 Denial Of Service
http://cxsecurity.com/issue/WLB-2012060332
Real Player 10 Gold Exception Handling
http://cxsecurity.com/issue/WLB-2012060331
Chiangrai Enter Soft Design SQL Injection
http://cxsecurity.com/issue/WLB-2012060330
Top Nepal SQL Injection
http://cxsecurity.com/issue/WLB-2012060329
MUSOYAN SQL Injection
http://cxsecurity.com/issue/WLB-2012060328
Rainbowdigital SQL Injection
http://cxsecurity.com/issue/WLB-2012060327
Pixel Identity SQL Injection
http://cxsecurity.com/issue/WLB-2012060326
Rhdesign SQL Injection
http://cxsecurity.com/issue/WLB-2012060325
Rubysoft Solutions SQL Injection
http://cxsecurity.com/issue/WLB-2012060324
HR Software SQL Injection
http://cxsecurity.com/issue/WLB-2012060323
ExNet SQL Injection
http://cxsecurity.com/issue/WLB-2012060322
LOCAL: Apple QuickTime TeXML Stack Buffer Overflow
http://www.exploit-db.com/exploits/19433
AccountsService 'user_change_icon_file_authorized_cb()' Function File Disclosure Vulnerability
http://www.securityfocus.com/bid/54223
Openfire Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/32189
Bcfg2 'Trigger' Plugin Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/54217
Python PyCrypto Key Generation Weakness
http://www.securityfocus.com/bid/53687
Spring Framework Expression Language JSP Attributes Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49543
Gallery Cross Site Scripting and Arbitrary PHP Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54013
Apple QuickTime Prior To 7.7.2 Multiple Stack Overflow Vulnerabilities
http://www.securityfocus.com/bid/53571
OpenJPEG '.jpeg' File Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52654
OpenJPEG Gray16 TIFF Image File Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53012
PHP 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities
http://www.securityfocus.com/bid/40173
libcrypt 'crypt()' Password Encryption Weakness
http://www.securityfocus.com/bid/53729
PHP 'phar/tar.c' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47545
PHP 'php-cgi' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53388
PHP CVE-2012-0057 Security Bypass Vulnerability
http://www.securityfocus.com/bid/51806
PHP CVE-2012-0789 Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52043
PHP 'zend_strndup()' Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/51417
PHP CVE-2012-1172 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/53403
Mozilla Firefox/Thunderbird/SeaMonkey nsDOMAttribute Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51755
Symantec Web Gateway Arbitrary File Download And Delete Vulnerability
http://www.securityfocus.com/bid/53442
Symantec Web Gateway Remote Shell Command Execution Vulnerability
http://www.securityfocus.com/bid/53444
Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49143
Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51705
PHP 'php_register_variable_ex()' Function Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/51830
webERP Multiple Remote and Local File Include Vulnerabilities
http://www.securityfocus.com/bid/54236
TEMENOS T24 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/54235
Basilic 'diff.php' Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/54234
Boost 'ordered_malloc()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54233
SAP Netweaver ABAP 'msg_server.exe' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54231
SAP Netweaver ABAP 'msg_server.exe' Parameter Name Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54229
PHP-Fusion Advanced MP3 Player Infusion 'upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/54228
Boehm GC 'malloc()' and 'calloc()' Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54227
WordPress Job Manager Plugin Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/54226
Avaya IP Office Customer Call Reporter 'ImageUpload.ashx' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54225
WordPress Security Bypass And Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/54224
Real Networks RealPlayer '.avi' File Divide-By-Zero Denial of Service Vulnerability
http://www.securityfocus.com/bid/54220
VLC Media Player '.avi' File Denial of Service Vulnerability
http://www.securityfocus.com/bid/54208