Wednesday, August 22, 2012

Wednesday the 22nd, Taian


+ Google Chrome 21.0.1180.81 released
http://googlechromereleases.blogspot.jp/2012/08/stable-channel-update_21.html

+ nginx 1.3.5 development version released
http://nginx.org/en/download.html

+ APSB12-19 Security updates available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb12-19.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4168

+ CESA-2012:1180 Moderate CentOS 6 gimp Update
http://lwn.net/Alerts/512724/

+ CVE-2012-1820 Denial of Service (DoS) vulnerability in Quagga
https://blogs.oracle.com/sunsecurity/entry/cve_2012_1820_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1820

+ Multiple vulnerabilities in Pidgin
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_pidgin
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2318

+ CVE-2012-0841 Denial of Service (DoS) vulnerability in libxml2
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0841_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841

+ CVE-2011-3102 Numeric Errors vulnerability in libxml2
https://blogs.oracle.com/sunsecurity/entry/cve_2011_3102_numeric_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102

+ CVE-2010-4008 Denial of Service (DoS) vulnerability in libxml2
https://blogs.oracle.com/sunsecurity/entry/cve_2010_4008_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4008

+ Multiple Denial of Service (DoS) vulnerabilities in libxml2
https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3919

+ CVE-2011-0216 Denial of Service (DoS) vulnerability in libxml2
https://blogs.oracle.com/sunsecurity/entry/cve_2011_0216_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0216

+ Multiple Denial of Service (DoS) vulnerabilities in libxml2
https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2821
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2834

+ CVE-2012-2370 Denial of Service (DoS) vulnerability in GTK+
https://blogs.oracle.com/sunsecurity/entry/cve_2012_2370_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2370

+ Multiple Denial of Service (DoS) vulnerabilities in ISC DHCP
https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos4
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3954

+ CVE-2012-3817 Denial of Service (DoS) vulnerability in Bind
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3817_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3817

+ Multiple vulnerabilities in Foomatic
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_foomatic
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2697
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2964

+ Multiple Vulnerabilities in Quagga
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_quagga
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0248
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0255

+ CVE-2012-2088 Denial of Service (DoS) vulnerability in libtiff
https://blogs.oracle.com/sunsecurity/entry/cve_2012_2088_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2088

+ CVE-2012-2113 Denial of Service (DoS) vulnerability in libtiff
https://blogs.oracle.com/sunsecurity/entry/cve_2012_2113_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2113

+ RHSA-2012:1174 Low: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2012-1174.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2313

+ SA50340 Linux Kernel Multiple Vulnerabilities
http://secunia.com/advisories/50340/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2962
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2319

+ Google Chrome OS CVE-2012-2864 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55135
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2864

+ Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/55131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3502

+ Oracle MySQL CVE-2012-2749 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/55120
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2749

[ MDVSA-2012:141 ] openslp
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-08/msg00134.html

Understanding the security you can implement in apps
http://itpro.nikkeibp.co.jp/article/COLUMN/20120810/415585/?ST=security

Hitachi Solutions releases log analysis software that supports next-generation firewalls
http://itpro.nikkeibp.co.jp/article/NEWS/20120821/416970/?ST=security

Apache Tomcat Hash Collision Denial Of Service Vulnerability UPDATED
http://www.securiteam.com/securitynews/5NP3G0080E.html

YYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update
http://isc.sans.edu/diary.html?storyid=13942

RuggedCom fails key management 101 on Rugged Operating System (ROS)
http://isc.sans.edu/diary.html?storyid=13948

Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
http://www.securitytracker.com/id/1027421

Sielco Sistemi Winlog <= 2.07.16 Integer Overflow
http://cxsecurity.com/issue/WLB-2012080179

KDE Calligra and KOffice Input Validation Failure
http://cxsecurity.com/issue/WLB-2012080178

Internet Explorer 8 (ieframe.dll) null pointer dereference
http://cxsecurity.com/issue/WLB-2012080177

ocPortal CMS 8.x Session Hijacking Vulnerability
http://cxsecurity.com/issue/WLB-2012080176

ClipBucket 2.5 Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012080175

JPM Article Blog Script 6 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080174

ocPortal CMS 8.x Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012080173

Cube7 CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012080172

Moodle CMS 2.2.1 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080171

SysAid Helpdesk Pro 8.5.04 Blind SQL Injection
http://cxsecurity.com/issue/WLB-2012080170

SysAid Helpdesk Pro 8.5.04 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012080169

ICAL 1.0 SQL Injection
http://cxsecurity.com/issue/WLB-2012080168

PG Portal Pro Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/50315/

SaltOS URL PHPExcel Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50312/

OCaml Xml-Light Library Hash Collision Denial of Service Vulnerability
http://secunia.com/advisories/50311/

Hivemail Email Body Script Insertion Vulnerability
http://secunia.com/advisories/50317/

Linux Kernel Multiple Vulnerabilities
http://secunia.com/advisories/50340/

FishEye / Crucible Anonymous Signup and Access Security Bypass Security Issue
http://secunia.com/advisories/50335/

Hupa Email Subject and Body Script Insertion Vulnerabilities
http://secunia.com/advisories/50303/

SAP NetWeaver SAPHostControl Service Command Injection Vulnerability
http://secunia.com/advisories/50309/

Red Hat update for gimp
http://secunia.com/advisories/50358/

Apple Remote Desktop Information Disclosure Security Issue
http://secunia.com/advisories/50352/

Red Hat update for gimp
http://secunia.com/advisories/50324/

YourArcadeScript "id" SQL Injection Vulnerability
http://secunia.com/advisories/50319/

IOServer Web Interface Directory Traversal Vulnerability
http://secunia.com/advisories/50297/

Ubuntu update for libconfig-inifiles-perl
http://secunia.com/advisories/50336/

Ubuntu update for postgresql
http://secunia.com/advisories/50338/

SUSE update for dhcp
http://secunia.com/advisories/50357/

SAP BusinessObjects Financial Consolidation CtAppReg.dll Buffer Overflow
http://secunia.com/advisories/50306/

SAP Crystal Reports ebus-3-3-2-7.dll Buffer Overflow Vulnerability
http://secunia.com/advisories/50300/

ManageEngine OpUtils SNMP Contact and Location Script Insertion Vulnerabilities
http://secunia.com/advisories/50333/

Ruby on Rails Active Record CVE-2012-2695 SQL Injection Vulnerability
http://www.securityfocus.com/bid/53970

Ruby on Rails CVE-2012-2660 SQL Injection Vulnerability
http://www.securityfocus.com/bid/53754

Ruby on Rails CVE-2012-2694 Unsafe SQL Query Generation Vulnerability
http://www.securityfocus.com/bid/53976

GNU glibc Formatted Printing Functionality Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54374

Symantec Web Gateway Password Change Security Bypass Vulnerability
http://www.securityfocus.com/bid/54430

Linux Kernel dl2k Network Driver IOCTL Handling Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53965

Ruby on Rails Active Record SQL Injection Vulnerability
http://www.securityfocus.com/bid/53753

Microsoft .NET Framework Parameter Validation Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52921

GIMP Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/55101

Linux Kernel 'tpm_read()' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50764

Linux Kernel 'hfs_mac2asc()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50750

Linux Kernel HFS Plus Filesystem Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53401

Linux Kernel 915 GEM IOCTL Local Memory Overwrite Vulnerability
http://www.securityfocus.com/bid/44067

Linux Kernel EXT4 'ext4_fill_flex_info()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53414

Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability
http://www.securityfocus.com/bid/46767

Sielco Sistemi Winlog Pro Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54212

keepalived Insecure PID Files Insecure File Permissions Vulnerability
http://www.securityfocus.com/bid/47859

GRBoard Multiple SQL Injection and Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55110

SAP NetWeaver Remote Code Execution and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/53424

Oracle MySQL Prior to 5.1.50 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/43677

Lattice Diamond Programmer Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54149

Mozilla Firefox/SeaMonkey/Thunderbird NSS Parsing Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/53798

Splunk Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52320

Microsoft Excel 'MergeCells' Record Heap Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53376

IBM Rational ClearQuest Cross Site Scripting and Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/54222

Citrix Provisioning Services Server Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53330

OpenSLP Extension Parser Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/46772

Oracle Outside In Technology CVE-2012-3108 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54550

Oracle Outside In Technology CVE-2012-1770 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54541

Oracle Outside In Technology CVE-2012-3107 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54504

Oracle Outside In Technology CVE-2012-1768 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54536

Oracle Outside In Technology CVE-2012-1769 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54500

Oracle Outside In Technology CVE-2012-1766 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54531

Oracle Outside In Technology CVE-2012-1767 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54511

Oracle Outside In Technology CVE-2012-3106 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54546

Oracle Outside In Technology CVE-2012-3109 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54554

Oracle Outside In Technology CVE-2012-1771 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54543

Oracle Outside In Technology CVE-2012-1772 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54497

Oracle Outside In Technology CVE-2012-1773 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54548

Oracle Outside In Technology CVE-2012-3110 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/54506

Joomla! JCE Component 'file.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/51002

Sielco Sistemi Winlog Lite Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53811

GIMP GIF Image Parsing 'LZWReadByte()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49148

GIMP PSD Image Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37040

Perl Config::IniFiles Module Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/53361

PostgreSQL 'xslt_process()' Function Arbitrary File Creation or Overwrite Vulnerability
http://www.securityfocus.com/bid/55072

PostgreSQL 'xml_parse()' Function Arbitrary File Access Vulnerability
http://www.securityfocus.com/bid/55074

ClipBucket 'file_results.php' Directory Traversal Vulnerability
http://www.securityfocus.com/bid/55139

Adobe Flash Player and AIR APSB12-19 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/55136

Google Chrome OS CVE-2012-2864 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55135

HP SAN/iQ Multiple Remote Command Injection Vulnerabilities
http://www.securityfocus.com/bid/55133

Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/55131

Tor Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55128

XODA Arbitrary File Upload and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55127

GeSHi Multiple Local File Include and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55124

Rugged Operating System Private Key Disclosure Vulnerability
http://www.securityfocus.com/bid/55123

Oracle MySQL CVE-2012-2749 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/55120

JPM Article Blog Script 6 'tid' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55112

Atlassian JIRA FishEye and Crucible Plugins 'Third Party Frameworks' Security Bypass Vulnerability
http://www.securityfocus.com/bid/55108
