Thursday, July 12, 2012
Thursday the 12th, Senbu
+ RHSA-2012:1068 Important: openjpeg security update
http://rhn.redhat.com/errata/RHSA-2012-1068.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3358
+ Google Chrome 20.0.1132.57 released
http://googlechromereleases.blogspot.jp/2012/07/stable-channel-update.html
+ Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3074
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2486
+ Multiple Vulnerabilities in Cisco TelePresence Manager
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2486
+ Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2486
+ Multiple Vulnerabilities in Cisco TelePresence Recording Server
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2486
+ PSN-2012-07-654 2012-07: Routing and Switching: Security Advisories Released
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-07-654&viewMode=view
+ PSN-2012-07-653 2012-07 Security Bulletin: Junos: Inbound SSH traffic is allowed even though 'host-inbound-traffic' is not configured to allow it
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-07-653&viewMode=view
+ PSN-2012-07-652 2012-07 Security Bulletin: Junos: flowd core when processing non-first IP fragmented packets
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-07-652&viewMode=view
+ PSN-2012-07-651 2012-07 Security Bulletin: Junos: When 'log' action is enabled, a firewall filter deployed on lo0 cannot filter high rate of packets sent to the RE
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-07-651&viewMode=view
+ PSN-2012-07-650 2012-07 Security Bulletin: Junos: J-Web vulnerable to hash table collision attacks (CVE-2011-3414)
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-07-650&viewMode=view
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3414
+ PSN-2012-07-649 2012-07 Security Bulletin: Junos: J-Web vulnerable to Cross Site Scripting
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-07-649&viewMode=view
+ PSN-2012-07-648 2012-07 Security Bulletin: Junos: rpd process can hang following a specific PIM broadcast storm
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-07-648&viewMode=view
+ PSN-2012-07-647 2012-07 Security Bulletin: Junos: rpd crash when receiving malformed IS-IS hello packets
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-07-647&viewMode=view
+ PSN-2012-07-646 2012-07 Security Bulletin: Junos: Loading factory-default from exclusive edit causes escalation of privileges
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-07-646&viewMode=view
+ PSN-2012-07-645 2012-07 Security Bulletin: Junos: Incorrect integer conversions in OpenSSL can result in memory corruption (CVE-2012-2110)
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-07-645&viewMode=view
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
+ PSN-2012-07-644 2012-07 Security Bulletin: Junos: Kernel crash due to ICMPv6 packet with corrupted payload
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-07-644&viewMode=view
+ PSN-2012-07-643 2012-07 Security Bulletin: Junos: Incorrect behavior of SYN Cookie protection
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-07-643&viewMode=view
+ UPDATE: Microsoft Security Advisory (2728973) Unauthorized Digital Certificates Could Allow Spoofing
http://technet.microsoft.com/en-us/security/advisory/2728973
Fixes for vulnerabilities in Microsoft Office and other products (MS12-046) (CVE-2012-1854)
http://www.ipa.go.jp/security/ciadr/vul/20120711-windows.html
Blackhole attack tool targeting the MSXML vulnerability
http://itpro.nikkeibp.co.jp/article/COLUMN/20120710/408235/?ST=security
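Dangerous vulnerabilities in Windows and Office; exploitation in targeted attacks also confirmed
Three "Critical" security bulletins; applying the patches is urgent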
http://itpro.nikkeibp.co.jp/article/NEWS/20120712/408641/?ST=security
Vulnerability information worth checking <2012.07.11>
http://itpro.nikkeibp.co.jp/article/COLUMN/20120706/407645/?ST=security
JVNTA12-174A Vulnerability in Microsoft XML Core Services
http://jvn.jp/cert/JVNTA12-174A/
JVNTA12-192A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA12-192A/
ESA-2012-027: EMC Celerra/VNX/VNXe Improper Access Control Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00062.html
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00059.html
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00060.html
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Recording Server
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00058.html
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Manager
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00061.html
Multiple Cross-Site Scripting (XSS) in Kajona
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00057.html
US-CERT Alert TA12-192A - Microsoft Updates for Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/Cert/2012-07/msg00000.html
VU#377915 SMC SMC8024L2 switch web interface authentication bypass
http://www.kb.cert.org/vuls/id/377915
EMC Celerra/VNX/VNXe Access Control Bug Lets Remote Authenticated Users Access Files/Directories
http://www.securitytracker.com/id/1027242
Cisco TelePresence Multipoint Switch Lets Remote Users Deny Service and Remote Users on the Adjacent Network Execute Arbitrary Code
http://www.securitytracker.com/id/1027241
Linux Kernel epoll_ctl() Bug Lets Local Users Deny Service
http://www.securitytracker.com/id/1027237
Linux Kernel Session Keyring Bug in copy_creds() Lets Local Users Deny Service
http://www.securitytracker.com/id/1027236
Linux Kernel IPv6 Netfilter Connection Tracking Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1027235
Excellent Security Education Resources
http://isc.sans.edu/diary.html?storyid=13660
Kajona "getAllPassedParams()" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49849/
SUSE update for libgdata
http://secunia.com/advisories/49842/
SUSE update for mysql
http://secunia.com/advisories/49847/
SUSE update for opera
http://secunia.com/advisories/49818/
Puppet Multiple Vulnerabilities
http://secunia.com/advisories/49863/
SUSE update for pidgin
http://secunia.com/advisories/49820/
SUSE update for bind
http://secunia.com/advisories/49837/
WordPress WP Symposium Plugin Authentication Check Security Bypass
http://secunia.com/advisories/49791/
Cyberoam UTM Self-Signed Certificate Vulnerability
http://secunia.com/advisories/49799/
WordPress WP-Predict Plugin "predictSelection" and "predictId" SQL Injection Vulnerabilities
http://secunia.com/advisories/49843/
Intel Hybrid Cloud 64-bit Mode Sanity Check Privilege Escalation Vulnerability
http://secunia.com/advisories/49817/
REMOTE: Java Applet Field Bytecode Verifier Cache Remote Code Execution
http://www.exploit-db.com/exploits/19717
REMOTE: AdminStudio LaunchHelp.dll ActiveX Arbitrary Code Execution
http://www.exploit-db.com/exploits/19718
DoS/PoC: Checkpoint Abra Multiple Vulnerabilities
http://www.exploit-db.com/exploits/19716
Microsoft Products Multiple Code Execution and Privilege Escalation
http://www.vupen.com/english/ADV-2012-0314.php
VLC Media Player "ScanDvbSNextFast()" Buffer Overflow Vulnerability
http://www.vupen.com/english/ADV-2012-0313.php
VLC Media Player VC1 Packetizer "DecodeRIDU()" Buffer Overflow
http://www.vupen.com/english/ADV-2012-0312.php
VLC Media Player "Ogg_DecodePacket()" Buffer Overflow Vulnerability
http://www.vupen.com/english/ADV-2012-0311.php
Pidgin MXit "mxit_show_message()" Remote Buffer Overflow Vulnerability
http://www.vupen.com/english/ADV-2012-0310.php
RSA Access Manager Session Replay Authentication Bypass Vulnerability
http://www.vupen.com/english/ADV-2012-0309.php
SPIP "connect" Parameter Processing Remote PHP Command Injection
http://www.vupen.com/english/ADV-2012-0308.php
Windows Kernel ReadLayoutFile Heap Overflow
http://cxsecurity.com/issue/WLB-2012070070
IE9 SharePoint Lync: toStaticHTML HTML Sanitizing Bypass
http://cxsecurity.com/issue/WLB-2012070069
cyberschool CMS [FCKeditor] Arbitrary File Upload Vulnerability
http://cxsecurity.com/issue/WLB-2012070068
Netsweeper WebAdmin Portal Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012070067
Drupal Book Block Module V.6.x-1.0-beta1 XSS Vulnerability
http://cxsecurity.com/issue/WLB-2012070066
Java Applet Field Bytecode Verifier Cache Remote Code Execution
http://cxsecurity.com/issue/WLB-2012070065
WebsitePanel CMS Open Redirect
http://cxsecurity.com/issue/WLB-2012070064
WordPress WP-Predict 1.0 Blind SQL Injection
http://cxsecurity.com/issue/WLB-2012070063
AdminStudio LaunchHelp.dll ActiveX Arbitrary Code Execution
http://cxsecurity.com/issue/WLB-2012070062
Microsoft Windows CVE-2012-1890 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/54285
Linux Kernel IPv6 'nf_ct_frag6_reasm()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54367
Linux Kernel Key Management CVE-2012-2745 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54365
Linux Kernel 'fs/eventpoll.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/54283
Linux Kernel epoll Subsystem 'eventpoll.c' Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/46630
Intel CPU Hardware Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53856
Xen 64-bit PV Guests Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53961
plow '.plowrc' File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54290
Rhythmbox 'context' Plugin Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/54186
X.Org Input Device Format String Vulnerability
http://www.securityfocus.com/bid/53150
OpenJPEG Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54373
OpenJPEG Gray16 TIFF Image File Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53012
Microsoft Internet Explorer And Microsoft Lync HTML Sanitizing Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53842
Linux Kernel 'i915_gem_execbuffer.c' Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/53971
Linux Kernel 'SG_IO IOCTL' SCSI Request Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51176
WordPress WP-Predict Plugin 'index.php' Script Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/54370
JBoss 'mod_cluster' CVE-2012-1154 Security Bypass Vulnerability
http://www.securityfocus.com/bid/54086
OpenLDAP LDAP Search Request Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52404
Wireshark Multiple Dissector Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/53651
Oracle MySQL CVE-2012-2122 User Login Security Bypass Vulnerability
http://www.securityfocus.com/bid/53911
RESTEasy XML Entity References Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51748
RETIRED: Microsoft July 2012 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/54318
Pidgin 'mxit_show_message()' Function Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54322
Wireshark DIAMETER Dissector Denial of Service Vulnerability
http://www.securityfocus.com/bid/53652
Wireshark Misaligned Memory Denial of Service Vulnerability
http://www.securityfocus.com/bid/53653
Multiple AntiVirus Products CVE-2012-1458 CHM File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/52611
Multiple AntiVirus Products CVE-2012-1457 TAR File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/52610
Multiple AntiVirus Products CVE-2012-1459 TAR File Scan Evasion Vulnerability
http://www.securityfocus.com/bid/52623
Drupal Drupal Commons Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/54393
FileZilla Server CPU Exhaustion Denial Of Service Vulnerability
http://www.securityfocus.com/bid/54392
Kajona 'getAllPassedParams()' Function Multiple Cross-Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/54391
SMC Networks SMC8024L2 Switch Web Interface Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/54390
Cisco TelePresence Immersive Endpoint Devices CVE-2012-3074 Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/54389
OpenStack Compute (Nova) CVE-2012-3371 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/54388
Cisco TelePresence Immersive Endpoint Devices Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/54387
Google Chrome Prior to 20.0.1132.57 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54386
Cisco TelePresence Recording Server Web Interface Remote Command Injection Vulnerability
http://www.securityfocus.com/bid/54385
Multiple Cisco Products Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54384
Cisco Multiple Products CVE-2012-3073 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54382
Drupal Drag & Drop Gallery Module Arbitrary PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/54380
Drupal Search Autocomplete Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/54379
Drupal Listhandler Module Access Security Bypass Vulnerability
http://www.securityfocus.com/bid/54376
WordPress WP Symposium Plugin 'symposium_ajax_functions.php' Security Bypass Vulnerability
http://www.securityfocus.com/bid/54375
GNU glibc Formatted Printing Functionality Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54374