Thursday, July 19, 2012

Thursday the 19th, Shakkō


+ RHSA-2012:1098 Moderate: glibc security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-1098.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3406

+ RHSA-2012:1097 Moderate: glibc security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-1097.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-340

+ CESA-2012:1088 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/507291/

+ CESA-2012:1089 Critical CentOS 6 thunderbird Update
http://lwn.net/Alerts/507293/

+ CESA-2012:1091 Moderate CentOS 6 nss Update
http://lwn.net/Alerts/507295/

+ CESA-2012:1088 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/507292/

+ CESA-2012:1089 Critical CentOS 5 thunderbird Update
http://lwn.net/Alerts/507294/

+ CESA-2012:1090 Moderate CentOS 5 nss Update
http://lwn.net/Alerts/507296/

+ UPDATE: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac

+ UPDATE: Jabber Extensible Communications Platform and Cisco Unified Presence XML Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-xcpcupsxml

+ UPDATE: Buffer Overflow Vulnerabilities in the Cisco WebEx Player
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-webex

+ UPDATE: Cisco Unified Communications Manager Memory Leak Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110928-cucm

+ Denial of Service (DoS) vulnerability in BIND
https://blogs.oracle.com/sunsecurity/entry/cve_2012_1667_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667

Crossbeam apms crashes when the virtual system is added to the vpn community (18-7-2012)
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk62714&src=securityAlerts

Notice of Critical Patch release for Virus Buster Business Security 7.0
http://www.trendmicro.co.jp/support/news.asp?id=1817

Announcement of the "AppGoat Vulnerability Experiential Learning Tool Hands-On Seminar"
http://www.ipa.go.jp/security/vuln/seminar/lab_semi_appgoat_2012_3.html

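Announcement of the seminar "Collecting and Using Vulnerability Countermeasure Information (Introductory Course)"
~ Evaluating Vulnerabilities Using the Common Vulnerability Scoring System (CVSS) ~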
http://www.ipa.go.jp/security/vuln/seminar/lab_semi_scap_2012_1.html

Fake Skype app that downloads a malicious .JAR file
http://itpro.nikkeibp.co.jp/article/COLUMN/20120717/409562/?ST=security

Yahoo! Mail adds support for DKIM sender domain authentication and publishes the technical specifications
http://itpro.nikkeibp.co.jp/article/NEWS/20120718/409961/?ST=security

McAfee warns of an increase in scam emails exploiting the London Olympics
http://itpro.nikkeibp.co.jp/article/NEWS/20120718/409843/?ST=security

Vulnerability information worth checking <2012.07.18>
http://itpro.nikkeibp.co.jp/article/COLUMN/20120717/409501/?ST=security

JVNVU#118913 Arbitrary code execution vulnerability in Oracle Outside In
http://jvn.jp/cert/JVNVU118913/

[slackware-security] mozilla-thunderbird (SSA:2012-200-03)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00118.html

[slackware-security] seamonkey (SSA:2012-200-04)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00119.html

[slackware-security] mozilla-firefox (SSA:2012-200-02)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00117.html

[SECURITY] [DSA 2514-1] iceweasel security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-07/msg00116.html

Snort Updated today
http://isc.sans.edu/diary.html?storyid=13741

Vote NO to Weak Keys!
http://isc.sans.edu/diary.html?storyid=13732

Vote NO to Weak Encryption!
http://isc.sans.edu/diary.html?storyid=13738

Glibc Multiple Bugs Allow FORTIFY_SOURCE Protection Mechanism to Be Bypassed
http://www.securitytracker.com/id/1027280

Barracuda SSL VPN Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027279

SPARC T-Series Sun Integrated Lights-Out Manager Lets Local Users Access and Modify Data and Deny Service
http://www.securitytracker.com/id/1027275

Solaris Multiple Bugs Let Remote Users Access and Modify Data and Deny Service and Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027274

Oracle Hyperion Bug Lets Remote Users Partially Modify Data
http://www.securitytracker.com/id/1027273

Oracle Application Express Listener Discloses Data to Remote Users
http://www.securitytracker.com/id/1027270

Oracle E-Business Suite Bugs Let Remote and Remote Authenticated Users Partially Modify Data
http://www.securitytracker.com/id/1027269

Oracle Supply Chain Products Suite Bugs Let Remote Users Partially Modify Data and Remote Authenticated Users Partially Access Data and Deny Service
http://www.securitytracker.com/id/1027268

Oracle Siebel CRM Bugs Let Remote Users Partially Access and Modify Data and Partially Deny Service
http://www.securitytracker.com/id/1027267

Oracle Industry Applications Clinical Remote Data Capture Option Bug Lets Remote Authenticated Users Partially Access Data
http://www.securitytracker.com/id/1027266

ProQuiz v2.0.2 Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012070124

Forum Oxalis 0.1.2 <= SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012070123

Dr.Web Anti-Virus 7.00.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012070122

AVAVoIP 1.5.12 Cross Site Scripting / Shell Upload
http://cxsecurity.com/issue/WLB-2012070121

KeyPass Password Safe 1.22 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012070120

eXtplorer "lang" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49453/

AVAVoIP Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/49970/

Oracle E-Business Suite Multiple Data Manipulation and Security Bypass Vulnerabilities
http://secunia.com/advisories/49942/

Red Hat update for thunderbird
http://secunia.com/advisories/49977/

Red Hat update for firefox
http://secunia.com/advisories/49979/

Red Hat update for nss, nspr, and nss-util
http://secunia.com/advisories/49976/

Dr.Web Anti-virus for Android Information Disclosure Security Issue
http://secunia.com/advisories/49990/

SUSE update for gypsy
http://secunia.com/advisories/49991/

Oracle iPlanet Web Server Unspecified Denial of Service
http://secunia.com/advisories/49960/

Oracle PeopleSoft Enterprise PeopleTools Multiple Vulnerabilities
http://secunia.com/advisories/49951/

Oracle Integrated Lights Out Manager Unspecified Privilege Escalation
http://secunia.com/advisories/49961/

Oracle Solaris Cluster Apache Tomcat Agent Privilege Escalation
http://secunia.com/advisories/49958/

Oracle PeopleSoft Enterprise HRMS Multiple Vulnerabilities
http://secunia.com/advisories/49950/

Oracle Siebel CRM Multiple Vulnerabilities
http://secunia.com/advisories/49952/

Oracle Application Server Multiple Vulnerabilities
http://secunia.com/advisories/49918/

Debian update for iceape
http://secunia.com/advisories/49963/

Debian update for iceweasel
http://secunia.com/advisories/49964/

Ubuntu update for thunderbird
http://secunia.com/advisories/49968/

Ubuntu update for firefox
http://secunia.com/advisories/49972/

GlassFish Enterprise Server Mojarra EL Expression Evaluation Security Bypass
http://secunia.com/advisories/49956/

Oracle JRockit Multiple Vulnerabilities
http://secunia.com/advisories/49932/

Oracle Enterprise Manager Grid Control DB Performance Advisories/UIs Vulnerability
http://secunia.com/advisories/49937/

Oracle Secure Backup Two Vulnerabilities
http://secunia.com/advisories/49884/

Oracle Database Multiple Vulnerabilities
http://secunia.com/advisories/49881/

Oracle Outside In Technology Multiple Vulnerabilities
http://secunia.com/advisories/49936/

Mozilla Thunderbird / SeaMonkey Multiple Vulnerabilities
http://secunia.com/advisories/49994/

Mozilla Firefox Multiple Vulnerabilities
http://secunia.com/advisories/49992/

Mozilla Thunderbird Multiple Vulnerabilities
http://secunia.com/advisories/49993/

Mozilla Firefox Multiple Vulnerabilities
http://secunia.com/advisories/49965/

Barracuda SSL VPN Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49982/

Oracle HTTP Server Multiple Vulnerabilities
http://secunia.com/advisories/49893/

Oracle MapViewer Three Vulnerabilities
http://secunia.com/advisories/49934/

Oracle Hyperion Business Intelligence Plus Data Manipulation Vulnerability
http://secunia.com/advisories/49924/

Oracle AutoVue Two Vulnerabilities
http://secunia.com/advisories/49947/

Oracle Transportation Management Three Vulnerabilities
http://secunia.com/advisories/49943/

Oracle Clinical Remote Data Capture Option Unspecified Information Disclosure
http://secunia.com/advisories/49955/

Oracle MySQL Server Multiple Denial of Service Vulnerabilities
http://secunia.com/advisories/49955/

Microsoft Windows CVE-2012-1890 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/54285

Microsoft Windows CVE-2012-1893 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/54302

WinGraphviz 'WinGraphviz.dll' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54458

Mozilla Firefox CVE-2012-1950 Address Bar URI Spoofing Vulnerability
http://www.securityfocus.com/bid/54585

Mozilla Firefox CVE-2012-1965 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54579

Mozilla Firefox CVE-2012-1966 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54577

Mozilla Firefox/SeaMonkey/Thunderbird NSS Parsing Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/53798

Oracle Outside In Technology CVE-2012-1771 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54543

Oracle Outside In Technology CVE-2012-1770 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54541

Oracle Outside In Technology CVE-2012-1772 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54497

Linux Kernel Key Management CVE-2012-2745 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54365

Linux Kernel epoll Subsystem 'eventpoll.c' Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/46630

Linux Kernel 'fs/eventpoll.c' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/54283

Oracle Outside In Technology CVE-2012-3107 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54504

Oracle Outside In Technology CVE-2012-3106 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54546

Oracle Outside In Technology CVE-2012-1773 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54548

Oracle Outside In Technology CVE-2012-1769 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54500

Oracle Outside In Technology CVE-2012-1767 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54511

Oracle Outside In Technology CVE-2012-1768 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54536

Oracle Outside In Technology CVE-2012-3109 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54554

Oracle Outside In Technology CVE-2012-1766 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54531

Oracle Outside In Technology CVE-2012-3110 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54506

Microsoft Data Access Components CVE-2012-1891 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54308

Microsoft XML Core Services CVE-2012-1889 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53934

Mozilla Firefox, SeaMonkey, and Thunderbird Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/54578

Oracle Java SE CVE-2011-3548 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50211

Microsoft Internet Explorer CVE-2012-1524 Attribute Remove Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54294

Microsoft Internet Explorer CVE-2012-1522 Cached Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54293

Oracle Outside In Technology CVE-2012-3108 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54550

GNU glibc Formatted Printing Functionality Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54374

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-1964 Clickjacking Vulnerability
http://www.securityfocus.com/bid/54581

Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1955 Location Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/54586

Mozilla Firefox/Thunderbird/Seamonkey MFSA 2012-42 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/54580

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1967 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/54573

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1959 Security Bypass Vulnerability
http://www.securityfocus.com/bid/54576

Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1957 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54583

Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-1961 Clickjacking Vulnerability
http://www.securityfocus.com/bid/54584

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1958 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/54574

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1962 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/54575

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1960 Out of Bounds Memory Corruption Vulnerability
http://www.securityfocus.com/bid/54572

Xen 'syscall/sysenter' Instruction Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53955

Xen 64-bit PV Guests Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53961

Intel CPU Hardware Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53856

Linux Kernel 'sock_alloc_send_pskb()' Function Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53721

Oracle Java SE and Java for Business CVE-2011-0815 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48143

Oracle Java SE and Java for Business CVE-2011-0814 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48145

Oracle Java SE CVE-2012-0500 Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52015

Oracle Java SE and Java for Business CVE-2011-0817 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/48134

SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49778

Oracle Java SE CVE-2011-3516 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50229

Oracle Java SE CVE-2012-0499 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52016

Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014

Oracle Java SE and Java for Business CVE-2010-4469 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46400

Oracle Java SE and Java for Business CVE-2010-4468 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46393

Oracle Java SE CVE-2011-3550 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50226

Oracle GlassFish Server Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51194

Oracle Java SE CVE-2011-3551 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50224

Oracle Java SE CVE-2011-3553 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50246

Oracle Java SE and Java for Business Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46394

Oracle Java SE and Java for Business Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/46386

Oracle Java SE CVE-2011-3552 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50248

Oracle Java SE and Java for Business CVE-2010-4473 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46403

Oracle Java SE and Java for Business CVE-2010-4472 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46404

Oracle Java SE and Java for Business CVE-2010-4475 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46410

Oracle Java SE and Java for Business CVE-2011-0786 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48133

Oracle Java Floating-Point Value Denial of Service Vulnerability
http://www.securityfocus.com/bid/46091

Oracle Java SE and Java for Business ICC Profile Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/48137

Oracle Java SE and Java for Business CVE-2011-0863 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/48138

Oracle Java SE CVE-2011-3555 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50237

Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52011

Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
http://www.securityfocus.com/bid/52013

Oracle Java SE CVE-2011-3556 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50231

Oracle Java SE CVE-2011-3521 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50215

Oracle Java SE and Java for Business CVE-2011-0867 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/48144

Oracle Java SE and Java for Business CVE-2010-4447 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/46409

Oracle Java SE and Java for Business CVE-2011-0802 Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/48149

Oracle Java SE and Java for Business CVE-2011-0864 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48139

Oracle Java SE CVE-2011-3557 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50234

Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50218

Oracle Java SE and Java for Business CVE-2011-0866 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/48136

Oracle Java SE CVE-2011-3554 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50216

Oracle Java SE CVE-2011-3549 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/50223

HP StorageWorks File Migration Agent 'RsaFTP.dll' Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54596

HP StorageWorks File Migration Agent 'RsaCIFS.dll' Stack-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54595

Barracuda SSL VPN Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54593

Dr. Web Anti-Virus for Android Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54592

eXtplorer 'lang' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54590

Oracle MySQL Server CVE-2012-1756 Remote Security Vulnerability
http://www.securityfocus.com/bid/54524

Oracle Database Server CVE-2012-1747 Remote Network Layer Vulnerability
http://www.securityfocus.com/bid/54518

Oracle Database Server CVE-2012-1746 Remote Network Layer Vulnerability
http://www.securityfocus.com/bid/54507

Oracle Database Server CVE-2012-1745 Remote Network Layer Vulnerability
http://www.securityfocus.com/bid/54501

Oracle Database Server CVE-2012-3134 Remote Core RDBMS Vulnerability
http://www.securityfocus.com/bid/54496
