Wednesday, June 6, 2012
6th, Wednesday, Tomobiki
+ RHSA-2012:0710 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2012-0710.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1941
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1944
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947
+ Google Chrome 19.0.1084.54 released
http://googlechromereleases.blogspot.jp/2012/06/stable-channel-update.html
+ Mozilla Firefox 13.0 released
http://www.mozilla.org/en-US/firefox/13.0/releasenotes/
+ Mozilla Thunderbird 13.0 released
http://mozilla.jp/thunderbird/
+ MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer
http://www.mozilla.org/security/announce/2012/mfsa2012-40.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1941
+ MFSA 2012-39 NSS parsing errors with zero length items
http://www.mozilla.org/security/announce/2012/mfsa2012-39.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441
+ MFSA 2012-38 Use-after-free while replacing/inserting a node in a document
http://www.mozilla.org/security/announce/2012/mfsa2012-38.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1946
+ MFSA 2012-37 Information disclosure though Windows file shares and shortcut files
http://www.mozilla.org/security/announce/2012/mfsa2012-37.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1945
+ MFSA 2012-36 Content Security Policy inline-script bypass
http://www.mozilla.org/security/announce/2012/mfsa2012-36.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1944
+ MFSA 2012-35 Privilege escalation through Mozilla Updater and Windows Updater Service
http://www.mozilla.org/security/announce/2012/mfsa2012-35.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1942
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1943
+ MFSA 2012-34 Miscellaneous memory safety hazards
http://www.mozilla.org/security/announce/2012/mfsa2012-34.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3101
+ nginx-1.2.1 stable and nginx-1.3.1 development versions released
http://nginx.org/en/CHANGES-1.2
http://nginx.org/en/CHANGES
+ Vulnerabilities with Windows directory aliases
http://nginx.org/en/security_advisories.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4963
+ CentOS alert CESA-2012:0705 (openoffice.org)
http://lwn.net/Alerts/500324/
http://lwn.net/Alerts/500327/
+ DHCP 4.2.4 released
https://kb.isc.org/article/AA-00699
+ DHCP 4.1-ESV-R5 released
https://kb.isc.org/article/AA-00701
+ VU#149070 Symantec Endpoint Protection network threat protection module Microsoft IIS denial of service vulnerability
http://www.kb.cert.org/vuls/id/149070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1821
+ VU#381699 ISC BIND 9 zero length rdata named vulnerability
http://www.kb.cert.org/vuls/id/381699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
+ ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
+ PostgreSQL 'SECURITY DEFINER' and 'SET' Attributes Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53812
UPDATE: APSB12-11 Security bulletin for Adobe Photoshop
http://www.adobe.com/support/security/bulletins/apsb12-11.html
UPDATE: APSB12-10 Security bulletin for Adobe Illustrator
http://www.adobe.com/support/security/bulletins/apsb12-10.html
CSP/ACSP/CCSP Cannot Use the ChatLive Service
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk62850&src=securityAlerts
Computer virus and unauthorized access report status [May]
http://www.ipa.go.jp/security/txt/2012/06outline.html
SQL injection in Bigware shop software
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00009.html
Sielco Sistemi Winlog Buffer Overflow <= v2.07.14
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00008.html
[ MDVSA-2012:087 ] nut
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00007.html
Arbitrary File Upload/Execution in Collabtive
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00006.html
EUSecWest 2012 - Amsterdam, Sept 19/20 featuring Mobile PWN2OWN - CFP Deadline June 15
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00005.html
US-CERT Alert TA12-156A -- Microsoft Windows Unauthorized Digital Certificates
http://www.derkeiler.com/Mailing-Lists/Cert/2012-06/msg00000.html
[SECURITY] [DSA 2482-1] libgdata security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00003.html
[SECURITY] [DSA 2485-1] imp4 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00004.html
[SECURITY] [DSA 2482-1] arpwatch security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00002.html
[SECURITY] [DSA 2481-1] arpwatch security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00001.html
[SECURITY] [DSA 2484-1] nut security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00000.html
The full picture of "Stuxnet", the cyberattack that targeted nuclear facilities (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20120606/400565/?ST=security
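Viruses that exploit vulnerabilities are rampant; protect yourself with software auto-update features
IPA issues an alert and explains how to configure Windows, Adobe Reader, and others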
http://itpro.nikkeibp.co.jp/article/NEWS/20120606/400561/?ST=security
Critical vulnerability in the DNS server "BIND 9", also affecting caching servers at enterprises and elsewhere
http://itpro.nikkeibp.co.jp/article/NEWS/20120605/400443/?ST=security
UPDATE: JVNVU#381699 Denial-of-service (DoS) vulnerability in ISC BIND
http://jvn.jp/cert/JVNVU381699/index.html
JVNTA12-156A Certificate issue in Microsoft Windows
http://jvn.jp/cert/JVNTA12-156A/index.html
JVNDB-2012-002592 Denial-of-service (DoS) vulnerability in ISC BIND
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002592.html
JVNDB-2012-000055 Cross-site scripting vulnerability in @WEB ShoppingCart
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000055.html
JVNDB-2012-002591 Buffer overflow vulnerability in the addchar function in common/parseconf.c in upsd in NUT
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002591.html
JVNDB-2012-002590 Denial-of-service (DoS) vulnerability in Certified Asterisk and Asterisk Open Source
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002590.html
JVNDB-2012-002589 Denial-of-service (daemon crash) vulnerability in Certified Asterisk and Asterisk Open Source
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002589.html
JVNDB-2012-002588 Vulnerability in VMware vMA that allows privileges to be gained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002588.html
JVNDB-2012-002587 Buffer overflow vulnerability in EMC AutoStart
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002587.html
VU#962587 Quagga BGP OPEN denial of service vulnerability
http://www.kb.cert.org/vuls/id/962587
Hexamail Server Webmail Email Body Script Insertion Vulnerability
http://secunia.com/advisories/49357/
Check Point IPSO DES Encryption Input Handling Weakness
http://secunia.com/advisories/49342/
WordPress Theme My Login Plugin "instance" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49399/
SUSE update for php5
http://secunia.com/advisories/49350/
@WEB ShoppingCart Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49385/
Red Hat update for openoffice.org
http://secunia.com/advisories/49392/
Kerberos "check_1_6_dummy()" Denial of Service Weakness
http://secunia.com/advisories/49346/
Apache Struts 2.2.1.1 Remote Command Execution
http://cxsecurity.com/issue/WLB-2012060044
WordPress 3.3.2 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060043
Hexamail Server 4.4.5 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060042
ISC BIND 9.x Denial Of Service
http://cxsecurity.com/issue/WLB-2012060041
Xtemplate Shell Upload
http://cxsecurity.com/issue/WLB-2012060040
Dblog 1.4.1 Insecure Session / Access Bypass
http://cxsecurity.com/issue/WLB-2012060039
Sysax 5.60 Create SSL Certificate Buffer Overflow
http://cxsecurity.com/issue/WLB-2012060038
Mnews 1.1 SQL injection
http://cxsecurity.com/issue/WLB-2012060037
CMS Faethon 1.3.4 SQL Injection
http://cxsecurity.com/issue/WLB-2012060036
Della CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012060035
Zoph 0.9pre2 CSRF / File Disclosure / SQL Injection
http://cxsecurity.com/issue/WLB-2012060034
IM Storm SQL Injection
http://cxsecurity.com/issue/WLB-2012060033
Webex Eshop Builder SQL Injection
http://cxsecurity.com/issue/WLB-2012060032
TYPO3 4.7 Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012060031
Log1 CMS writeInfo() PHP Code Injection
http://cxsecurity.com/issue/WLB-2012060030
TinyCMS 1.3 CSRF / LFI / File Upload
http://cxsecurity.com/issue/WLB-2012060029
Jabong.com Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012060028
AdaptCMS 2.0.2 (TinyURL) SQL Injection
http://cxsecurity.com/issue/WLB-2012060027
REMOTE: Apache Struts <= 2.2.1.1 Remote Command Execution
http://www.exploit-db.com/exploits/18984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0391
ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53772
Mozilla Firefox SeaMonkey and Thunderbird CVE-2012-1943 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53807
Google Chrome Prior to 19 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53540
ISC BIND CVE-2012-1033 Security Bypass Vulnerability
http://www.securityfocus.com/bid/51898
libcrypt 'crypt()' Password Encryption Weakness
http://www.securityfocus.com/bid/53729
Adobe Illustrator APSB12-10 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/53422
Adobe Photoshop 'U3D.B8I' Library Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53464
Network UPS Tools (NUT) 'addchar()' Function Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53743
OpenOffice Prior to 3.4 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/53570
Collabtive 'manageuser.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53813
PostgreSQL 'SECURITY DEFINER' and 'SET' Attributes Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53812
Sielco Sistemi Winlog Lite Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53811
Bigware Shop 'main_bigware_54.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/53810
WordPress Asset Manager Plugin 'upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53809
WordPress Comment Extra Fields Plugin 'cef-upload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53806
WordPress Foxypress Plugin 'uploadify.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53805
WordPress HTML5 AV Manager Plugin 'custom.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53804
Mozilla Firefox SeaMonkey and Thunderbird CVE-2012-1942 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53803
Mozilla Firefox/Thunderbird/SeaMonkey CSP's Inline-Script Blocking Feature Security Bypass Weakness
http://www.securityfocus.com/bid/53801
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1937 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53800
Mozilla Firefox/Thunderbird/SeaMonkey '.lnk' Files Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53799
Mozilla Firefox/SeaMonkey/Thunderbird NSS Parsing Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/53798
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1939 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53797
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1938 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53796
Store Locator Plus WordPress Plugin Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/53795
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1940 Use After Free Vulnerability
http://www.securityfocus.com/bid/53794
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1941 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53793
Mozilla Firefox/Thunderbird/SeaMonkey Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53792
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1947 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53791
Nmedia WordPress Member Conversation Plugin 'doupload.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53790
WordPress WP Marketplace Plugin 'uploadify.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53789
Zoph Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/53788
WordPress WP-Property Plugin 'uploadify.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53787
Nmedia Users File Uploader Plugin Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/53786
WordPress Theme My Login Plugin Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53785
MIT Kerberos 5 'check_1_6_dummy()' Function NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53784
@WEB ShoppingCart Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53783