Thursday, June 7, 2012
The 7th, Thursday, Senbu
+ CentOS alert CESA-2012:0710 (firefox)
http://lwn.net/Alerts/500512/
http://lwn.net/Alerts/500519/
+ Wireshark 1.6.8 released
http://www.wireshark.org/docs/relnotes/wireshark-1.6.8.html
+ MySQL 5.5.25 released
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-25.html
+ DBI 1.622 released
http://search.cpan.org/~timb/DBI-1.622/
+ Ubuntu 'ubuntu-sso-client' Package SSL Certificate Validation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4408
+ Ubuntu 'ubuntuone-client' Package SSL Certificate Validation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4409
+ OpenLDAP Weak Cipher Encryption Security Weakness
http://www.securityfocus.com/bid/53823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2668
Status of OpenSSH CVEs
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk65269&src=securityAlerts
Call for participants: "Briefing Session on ST Preparation"
http://www.ipa.go.jp/security/jisec/seminar/st_seminar20120702.html
"The state is targeting you": warning feature added to Google services
Change to a strong password, and beware of phishing that tries to extract passwords
http://itpro.nikkeibp.co.jp/article/NEWS/20120607/400823/?ST=security
UPDATE: JVN#15646988 Cross-site scripting vulnerability in the WassUp plugin for WordPress
http://jvn.jp/jp/JVN15646988/index.html
JVN#24646833 Improper access restriction vulnerability in SEIL series
http://jvn.jp/jp/JVN24646833/index.html
JVNVU#149070 Denial-of-service (DoS) vulnerability in Symantec Endpoint Protection Manager
http://jvn.jp/cert/JVNVU149070/index.html
JVNTA12-156A Certificate-related issue in Microsoft Windows
http://jvn.jp/cert/JVNTA12-156A/index.html
SQL injection in Serendipity
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00011.html
[SECURITY] [DSA 2486-1] bind9 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-06/msg00010.html
JVNDB-2012-002607 Integer overflow vulnerability in tiff_getimage.c in LibTIFF
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002607.html
JVNDB-2012-002606 Vulnerability in Aptdaemon as used in Ubuntu that allows installation of arbitrary packages
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002606.html
JVNDB-2012-002605 Access restriction bypass vulnerability in builtins.c in Xinetd
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002605.html
JVNDB-2012-002604 Denial-of-service (crash) vulnerability in the headerVerifyInfo function in RPM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002604.html
JVNDB-2012-002603 Denial-of-service (crash) vulnerability in the headerLoad function in RPM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002603.html
JVNDB-2012-002602 Denial-of-service (crash) vulnerability in RPM
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002602.html
JVNDB-2012-002601 Access restriction bypass vulnerability in Best Practical Solutions RT
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002601.html
JVNDB-2012-002600 Arbitrary code execution vulnerability in Best Practical Solutions RT
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002600.html
JVNDB-2012-002599 SQL injection vulnerability in Best Practical Solutions RT
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002599.html
JVNDB-2012-002598 Access restriction bypass vulnerability in Best Practical Solutions RT
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002598.html
JVNDB-2012-002597 Arbitrary code execution vulnerability in Best Practical Solutions RT
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002597.html
JVNDB-2012-002596 Cross-site request forgery vulnerability in Best Practical Solutions RT
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002596.html
JVNDB-2012-002595 Vulnerability in Best Practical Solutions RT that allows past password hashes to be read
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002595.html
JVNDB-2012-002594 Cross-site scripting vulnerability in Best Practical Solutions RT
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002594.html
JVNDB-2012-002593 Vulnerability in Best Practical Solutions RT that allows cleartext passwords to be discovered
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002593.html
JVNDB-2012-000059 Improper access restriction vulnerability in SEIL series
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000059.html
JVNDB-2012-000058 Cross-site scripting vulnerability in the WassUp plugin for WordPress
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000058.html
Firefox, Thunderbird, and Seamonkey Security Updates
http://isc.sans.edu/diary.html?storyid=13384
BIND 9 Update - DoS or information disclosure vulnerability
http://isc.sans.edu/diary.html?storyid=13387
Potential leak of 6.5+ million LinkedIn password hashes
http://isc.sans.edu/diary.html?storyid=13390
vBulletin 'subject' Parameter Cross Site Scripting Vulnerability
http://www.securiteam.com/securitynews/5GP2Y1P7FI.html
Microsoft Windows SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
http://www.securiteam.com/securitynews/5FP2X1P7FM.html
Microsoft Windows Firewall 'tcpip.sys' Security Bypass Vulnerability
http://www.securiteam.com/securitynews/5EP2W1P7FQ.html
Microsoft Excel Memory Corruption Remote Code Execution Vulnerability
http://www.securiteam.com/securitynews/5DP2V1P7FU.html
Winlog Lite Buffer Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027128
OpenLDAP May Ignore TLSCipherSuite Setting in Some Cases
http://www.securitytracker.com/id/1027127
Mozilla Seamonkey Multiple Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027123
Mozilla Thunderbird Multiple Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027122
Mozilla Firefox Multiple Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027120
Kerberos kadmind Null Pointer Dereference Lets Remote Authenticated Administrators
http://www.securitytracker.com/id/1027119
VU#458153 Video drivers may fail to support Address Space Layout Randomization (ASLR)
http://www.kb.cert.org/vuls/id/458153
Mozilla Firefox / Thunderbird Multiple Vulnerabilities
http://secunia.com/advisories/49368/
Mozilla Firefox / Thunderbird / SeaMonkey Multiple Vulnerabilities
http://secunia.com/advisories/49366/
WordPress Google Maps Via Store Locator Plus Plugin Path Disclosure and SQL Injection
http://secunia.com/advisories/49391/
WordPress WP-Property Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49394/
IBM AIX "socketpair()" Denial of Service Vulnerability
http://secunia.com/advisories/49404/
WordPress HTML5 AV Manager Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49390/
Winlog Packet Processing Buffer Overflow Vulnerability
http://secunia.com/advisories/49395/
Debian update for bind9
http://secunia.com/advisories/49323/
WordPress Asset Manager Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49378/
WordPress FoxyPress Plugin Arbitrary File Upload Vulnerability
http://secunia.com/advisories/49382/
Ubuntu update for bind9
http://secunia.com/advisories/49403/
Ubuntu update for postgresql
http://secunia.com/advisories/49408/
SEIL Routers HTTP-Proxy/Gateway Functionality Security Bypass Vulnerability
http://secunia.com/advisories/49365/
Joomla com_eslamiat Sql Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012060061
StyleDesign CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012060060
Collabtive 0.7.5 Shell Upload
http://cxsecurity.com/issue/WLB-2012060059
MyBB 1.6.8 SQL Injection
http://cxsecurity.com/issue/WLB-2012060058
Bigware Shop SQL Injection
http://cxsecurity.com/issue/WLB-2012060057
WordPress WP-Property 1.35.0 Shell Upload
http://cxsecurity.com/issue/WLB-2012060056
Sielco Sistemi Winlog 2.07.14 Buffer Overflow
http://cxsecurity.com/issue/WLB-2012060055
WordPress Google Maps Via Store Locator Plus Email Spool / SQL Injection
http://cxsecurity.com/issue/WLB-2012060054
WordPress WP Marketplace Shell Upload
http://cxsecurity.com/issue/WLB-2012060053
WordPress HTML5 AV Manager 0.2.7 Shell Upload
http://cxsecurity.com/issue/WLB-2012060052
WordPress HT-Poi Shell Upload
http://cxsecurity.com/issue/WLB-2012060051
WordPress Asset Manager 0.2 Shell Upload
http://cxsecurity.com/issue/WLB-2012060050
WordPress WP Mass Mail Spoofing
http://cxsecurity.com/issue/WLB-2012060049
WordPress Comment Extra Fields Shell Upload
http://cxsecurity.com/issue/WLB-2012060048
WordPress Nmedia WP Member Conversation 1.35.0 Shell Upload
http://cxsecurity.com/issue/WLB-2012060047
WordPress Nmedia User File Uploader Shell Upload
http://cxsecurity.com/issue/WLB-2012060046
WordPress Foxypress Shell Upload
http://cxsecurity.com/issue/WLB-2012060045
REMOTE: Microsoft Windows OLE Object File Handling Remote Code Execution
http://www.exploit-db.com/exploits/19002
DoS/PoC: Audio Editor Master 5.4.1.217 Denial Of Service Vulnerability
http://www.exploit-db.com/exploits/19000
Real Networks RealPlayer CVE-2012-0926 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/51888
Adobe Flash Player CVE-2012-0754 Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52034
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1947 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53791
Mozilla Firefox/Thunderbird/SeaMonkey '.lnk' Files Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53799
Mozilla Firefox/Thunderbird/SeaMonkey CSP's Inline-Script Blocking Feature Security Bypass Weakness
http://www.securityfocus.com/bid/53801
Mozilla Firefox/SeaMonkey/Thunderbird NSS Parsing Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/53798
Apple QuickTime Prior To 7.7.2 H.264 Encoded Heap Overflow Vulnerability
http://www.securityfocus.com/bid/53576
Samba CVE-2012-2111 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/53307
Apple QuickTime Prior To 7.7.2 Sorenson Files Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53580
Apple QuickTime Prior To 7.7.2 QTVR Files Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53583
Apple Mac OS X QuickTime CVE-2012-0659 MPEG File Handling Integer Overflow Vulnerability
http://www.securityfocus.com/bid/53467
Apple QuickTime Prior To 7.7.2 RLE Files Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53579
Mozilla Firefox/Thunderbird/SeaMonkey Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53792
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1941 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53793
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1940 Use After Free Vulnerability
http://www.securityfocus.com/bid/53794
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1937 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53800
Multiple Browsers WebGL Implementation Linux NVIDIA Driver 'glBufferData()' Security Vulnerability
http://www.securityfocus.com/bid/53808
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1938 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53796
Microsoft Windows OLE Property CVE-2011-3400 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50977
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1939 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53797
pidgin-otr 'log_message_cb()' Function Format String Vulnerability
http://www.securityfocus.com/bid/53557
IBM AIX 'socketpair()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53567
OpenOffice Prior to 3.4 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/53570
Bigware Shop 'main_bigware_54.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/53810
Drupal Token Authentication Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/53840
Drupal Simplenews Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53839
Drupal Organic Groups Module Cross Site Scripting and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/53838
Siemens WinCC Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53837
Drupal Maestro Module Cross Site Request Forgery and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53836
Drupal Node Embed Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/53835
Ubuntu 'ubuntu-sso-client' Package SSL Certificate Validation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53829
Ubuntu 'ubuntuone-client' Package SSL Certificate Validation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53828
Vanilla Forums kPoll Plugin 'index.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/53827
Audio Editor Master '.cda' File Processing Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53825
OpenLDAP Weak Cipher Encryption Security Weakness
http://www.securityfocus.com/bid/53823
SEIL Multiple Products Security Bypass Vulnerability
http://www.securityfocus.com/bid/53821
MyBB 'member.php' SQL Injection Vulnerability
http://www.securityfocus.com/bid/53814