Thursday, August 2, 2012
Thursday the 2nd, Tomobiki
+ RHSA-2012:1135 Important: libreoffice security update
http://rhn.redhat.com/errata/RHSA-2012-1135.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2665
+ nginx-1.3.4 development version released
http://nginx.org/en/CHANGES
+ Dovecot 2.1.9 released
http://www.dovecot.org/list/dovecot-news/2012-August/000229.html
+ Linux kernel 3.0.39 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.39
+ SA50081 Linux Kernel SFC Driver TCP MSS Option Handling Denial of Service Vulnerability
http://secunia.com/advisories/50081/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3412
+ SA50105 Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/50105/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2860
+ Linux Kernel SFC Driver CVE-2012-3412 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3412
Advisory: Sophos Endpoint v 9.5 and 9.7: automatic upgrade to v 10, reboot required
http://www.sophos.com/en-us/support/knowledgebase/117480.aspx
Security researchers demonstrate how to evade Google's "Bouncer"
http://itpro.nikkeibp.co.jp/article/COLUMN/20120727/412347/?ST=security
Survey results for major cloud services (Part 2)
http://itpro.nikkeibp.co.jp/article/COLUMN/20120625/405112/?ST=security
J:COM offers free security service "McAfee for ZAQ" to its subscribers
http://itpro.nikkeibp.co.jp/article/NEWS/20120801/413462/?ST=security
Blue Coat offers a mobile app management solution for enterprise networks
http://itpro.nikkeibp.co.jp/article/NEWS/20120801/413263/?ST=security
Trend Micro plans to roll out a series of new consumer products
Focusing beyond "Virus Buster" as well, aiming for a 45% increase in sales over five years
http://itpro.nikkeibp.co.jp/article/NEWS/20120801/413184/?ST=security
JVNDB-2012-003307 SQL injection vulnerability in Plixer Scrutinizer (Dell SonicWALL Scrutinizer)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003307.html
JVNDB-2012-003436 Vulnerability in Plixer Scrutinizer (Dell SonicWALL Scrutinizer) allowing execution of arbitrary SQL commands
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003436.html
JVNDB-2012-003435 Cross-site scripting vulnerability in Plixer Scrutinizer (Dell SonicWALL Scrutinizer)
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003435.html
JVNDB-2012-003434 Vulnerability in Plixer Scrutinizer (Dell SonicWALL Scrutinizer) allowing arbitrary files to be created or overwritten
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003434.html
JVNDB-2012-003433 Vulnerability in Plixer Scrutinizer (Dell SonicWALL Scrutinizer) allowing an administrator account to be added
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003433.html
JVNDB-2012-003432 Vulnerability in OpenStack Keystone allowing authorization restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003432.html
JVNDB-2012-003431 Vulnerability in ICONICS GENESIS32 and BizViz allowing access restrictions to be bypassed
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003431.html
JVNDB-2012-003430 Denial-of-service (DoS) vulnerability in Siemens SIMATIC S7-400 PN CPU
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003430.html
JVNDB-2012-003429 Denial-of-service (DoS) vulnerability in Siemens SIMATIC S7-400 PN CPU
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003429.html
JVNDB-2012-003428 Vulnerability in IBM Scale Out Network Attached Storage allowing execution of arbitrary Linux commands
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003428.html
JVNDB-2012-003427 Denial-of-service (system crash) vulnerability in the IBM AIX kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003427.html
JVNDB-2012-003426 Vulnerability in Template.pm in Bugzilla allowing sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003426.html
JVNDB-2011-002305 Chosen-plaintext attack vulnerability in CBC mode of SSL and TLS
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002305.html
JVNDB-2012-003425 Vulnerability in Bugzilla allowing recorded sensitive information to be obtained
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003425.html
JVNDB-2012-002235 Vulnerability in PHP-CGI query string handling
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002235.html
JVNDB-2012-001014 Heap-based buffer overflow vulnerability in libxml2
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001014.html
JVNDB-2011-003380 Denial-of-service (DoS) vulnerability in libxml2 as used in Google Chrome and other products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-003380.html
JVNDB-2011-002637 Double-free vulnerability in libxml2
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002637.html
JVNDB-2011-002992 Denial-of-service (DoS) vulnerability in libxml2
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002992.html
JVNDB-2011-002041 Off-by-one error vulnerability in libxml as used in Apple Safari and other products
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-002041.html
JVNDB-2012-002068 Data injection attack vulnerability in curl and libcurl
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002068.html
JVNDB-2012-001374 Denial-of-service (DoS) vulnerability in Webkit as used in multiple products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001374.html
JVNDB-2012-001186 Heap-based buffer overflow vulnerability in Webkit as used in multiple products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001186.html
[SECURITY] [DSA 2519-1] isc-dhcp security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00010.html
[ MDVSA-2012:111 ] krb5
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00009.html
Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Buffer Over
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00008.html
Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Integer Ove
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00007.html
Kaspersky PM 5.0.0.164 - Software Filter Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00006.html
ME Mobile Application Manager v10 - SQL Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00005.html
Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00004.html
ME Application Manager 10 - Multiple Web Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00003.html
Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00002.html
Barracuda Appliances - Validation Filter Bypass Vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00001.html
[SECURITY] [DSA 2518-1] krb5 security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00000.html
Google Chrome 21 and getUserMedia API
http://isc.sans.edu/diary.html?storyid=13819
Citrix Access Gateway Bugs Let Remote Users Traverse the Directory, Proxy Connections via the Target System, and Inject Text Content
http://www.securitytracker.com/id/1027336
Citrix Access Gateway Plug-in for Windows ActiveX Control Buffer Overflows Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027335
Linux Kernel SFC Driver TCP MSS Option Handling Denial of Service Vulnerability
http://secunia.com/advisories/50081/
Ubuntu update for icedtea-web
http://secunia.com/advisories/50106/
Joomla! Movm Component "id" SQL Injection Vulnerability
http://secunia.com/advisories/50109/
Red Hat update for icedtea-web
http://secunia.com/advisories/50089/
SUSE update for vte/gnome-terminal
http://secunia.com/advisories/50117/
SUSE update for libjpeg-turbo
http://secunia.com/advisories/50101/
SUSE update for wireshark
http://secunia.com/advisories/50110/
Dr.Web Enterprise Server Web-administrator Script Injection Vulnerability
http://secunia.com/advisories/50082/
Limny "escape()" SQL Injection Vulnerability
http://secunia.com/advisories/50108/
Debian update for krb5
http://secunia.com/advisories/50111/
Ubuntu update for krb5
http://secunia.com/advisories/50103/
Red Hat update for krb5
http://secunia.com/advisories/50087/
Kerberos KDC Two Memory Corruption Vulnerabilities
http://secunia.com/advisories/50041/
libvirt RPC Typed Parameters Handling Denial of Service Vulnerability
http://secunia.com/advisories/50118/
Joomla! RSGallery2 Component Script Insertion and SQL Injection Vulnerabilities
http://secunia.com/advisories/50119/
Red Hat update for JBoss Enterprise SOA Platform
http://secunia.com/advisories/50084/
Google Chrome Multiple Vulnerabilities
http://secunia.com/advisories/50105/
Red Hat update for xen
http://secunia.com/advisories/50096/
Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Vulnerabilities
http://secunia.com/advisories/45299/
eGlibc Signedness Vulnerability
http://cxsecurity.com/issue/WLB-2012080015
nvidia linux driver Privileges Escalation
http://cxsecurity.com/issue/WLB-2012080014
Kaspersky PM 5.0.0.164 Software Filter Vulnerability
http://cxsecurity.com/issue/WLB-2012080013
ALrowad SQL Injection
http://cxsecurity.com/issue/WLB-2012080012
GunBound Denial Of Service
http://cxsecurity.com/issue/WLB-2012080011
Distimo Monitor 6.0 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080010
ME Mobile Application Manager 10 SQL Injection
http://cxsecurity.com/issue/WLB-2012080009
Joomla Move 1.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012080008
Barracuda Application Validation Filter Bypass
http://cxsecurity.com/issue/WLB-2012080007
Barracuda SSL VPN 680 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080006
Microsoft Internet Explorer Fixed Table Col Span Heap Overflow
http://cxsecurity.com/issue/WLB-2012080005
pBot Remote Code Execution
http://cxsecurity.com/issue/WLB-2012080004
Temenos T24 R07.03 Authentication Bypass
http://cxsecurity.com/issue/WLB-2012080003
Temenos T24 R07.03 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080002
WebPageTest Arbitrary PHP File Upload
http://cxsecurity.com/issue/WLB-2012080001
REMOTE: pBot Remote Code Execution
http://www.exploit-db.com/exploits/20168
DoS/PoC: eGlibc Signedness Code Execution Vulnerability
http://www.exploit-db.com/exploits/20167
Google Chrome Multiple Memory Corruptions and Information Disclosure
http://www.vupen.com/english/ADV-2012-0334.php
Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Buffer Overflow
http://www.vupen.com/english/ADV-2012-0333.php
Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Integer Overflow
http://www.vupen.com/english/ADV-2012-0332.php
Apple Xcode SSL and Helper Tools Information Disclosure Vulnerabilities
http://www.vupen.com/english/ADV-2012-0331.php
Apple Safari for Mac OS X Multiple Code Execution and Security Bypass
http://www.vupen.com/english/ADV-2012-0330.php
ISC DHCP Multiple Memory Leaks and Denial of Service Vulnerabilities
http://www.vupen.com/english/ADV-2012-0329.php
ISC BIND Memory Leak and Assertion Failure DoS Vulnerabilities
http://www.vupen.com/english/ADV-2012-0328.php
Wireshark PPP and NFS Dissectors Denial of Service Vulnerabilities
http://www.vupen.com/english/ADV-2012-0327.php
Symantec System Recovery DLL Loading Remote Code Execution
http://www.vupen.com/english/ADV-2012-0326.php
Symantec Web Gateway Command Execution and SQL Injection
http://www.vupen.com/english/ADV-2012-0325.php
Mozilla Products Multiple Remote Code Execution and Security Bypass
http://www.vupen.com/english/ADV-2012-0324.php
Oracle Products Multiple Remote Code Execution and Security Bypass
http://www.vupen.com/english/ADV-2012-0323.php
HP StorageWorks File Migration Agent RsaFTP Remote Code Execution
http://www.vupen.com/english/ADV-2012-0322.php
HP StorageWorks File Migration Agent RsaCIFS Remote Code Execution
http://www.vupen.com/english/ADV-2012-0321.php
RSA Authentication Manager Cross Site Scripting and Open Redirection
http://www.vupen.com/english/ADV-2012-0320.php
EMC Celerra/VNX/VNXe Improper Access Control Vulnerability
http://www.vupen.com/english/ADV-2012-0319.php
Cisco TelePresence Multipoint Switch Code Execution and DoS
http://www.vupen.com/english/ADV-2012-0318.php
Cisco TelePresence Manager Code Execution and DoS Vulnerabilities
http://www.vupen.com/english/ADV-2012-0317.php
Cisco TelePresence Immersive Endpoint Devices Multiple Vulnerabilities
http://www.vupen.com/english/ADV-2012-0316.php
Cisco TelePresence Recording Server Multiple Vulnerabilities
http://www.vupen.com/english/ADV-2012-0315.php
libjpeg-turbo Heap-Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54480
SpecView Web Server Directory Traversal Vulnerability
http://www.securityfocus.com/bid/54243
Sielco Sistemi Winlog Lite Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53811
Sielco Sistemi Winlog Pro Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54212
ISC DHCP Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/54665
ISC DHCP Regular Expressions Denial of Service Vulnerability
http://www.securityfocus.com/bid/50971
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1960 Out of Bounds Memory Corruption Vulnerability
http://www.securityfocus.com/bid/54572
MIT Kerberos 5 Uninitialized Pointer Dereference Remote Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/54750
Mozilla Firefox, SeaMonkey, and Thunderbird Multiple Remote Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/54578
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1955 Location Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/54586
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1958 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/54574
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-1957 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/54583
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1967 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/54573
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1962 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/54575
Mozilla Firefox/Thunderbird/Seamonkey MFSA 2012-42 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/54580
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1959 Security Bypass Vulnerability
http://www.securityfocus.com/bid/54576
Mozilla Firefox, SeaMonkey, and Thunderbird Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54582
eglibc Signedness Error Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/48801
Xen PyGrub Kernel Decompression Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53650
Dr. Web Enterprise Security Suite 'username' Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/54735
Joomla RSGallery2 Component HTML Injection and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/54752
WebPagetest Multiple Input Validation Vulnerabilities
http://www.securityfocus.com/bid/54442
MIT Kerberos 5 'check_1_6_dummy()' Function NULL Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53784
Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49957
Microsoft Internet Explorer CVE-2012-1876 Col Element Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53848
Drupal Monthly Archive by Node Type Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/54768
WordPress G-Lock Double Opt-in Manager Plugin SQL Injection Vulnerability
http://www.securityfocus.com/bid/54767
Drupal Excluded Users Module Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/54766
Joomla! Nice Ajax Poll Component 'getpliseid' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/54764
Linux Kernel SFC Driver CVE-2012-3412 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54763
Barracuda SSL VPN Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/54761
Kaspersky Password Manager HTML Injection Vulnerability
http://www.securityfocus.com/bid/54760
ManageEngine Applications Manager Multiple Cross Site Scripting and SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/54759
Joomla Movm Component 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/54758
Distimo Monitor Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/54757
ManageEngine Applications Manager Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/54756