2012年9月25日火曜日
25日 火曜日、大安
+ Google Chrome 21.0.1180.90 for Mac released
http://googlechromereleases.blogspot.jp/2012/09/stable-channel-update.html
+ Google Chrome for iOS 21.0.1180.82 released
http://googlechromereleases.blogspot.jp/2012/09/chrome-for-ios-update_24.html
+ Apache OpenOffice 3.4.1 released
http://www.openoffice.org/development/releases/3.4.1.html
+ squid 3.1.21 released
http://www.squid-cache.org/Versions/v3/3.1/RELEASENOTES.html
+ UPDATE: Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts
+ Samba 3.5.18 Available for Download
http://samba.org/samba/history/samba-3.5.18.html
+ PostgreSQL 9.2.1, 9.1.6, 9.0.10, 8.4.14, 8.3.21 released
http://www.postgresql.org/docs/9.2/static/release-9-2-1.html
http://www.postgresql.org/docs/9.1/static/release-9-1-6.html
http://www.postgresql.org/docs/9.0/static/release-9-0-10.html
http://www.postgresql.org/docs/8.4/static/release-8-4-14.html
http://www.postgresql.org/docs/8.3/static/release-8-3-21.html
Advisory: Shh/Updater-B False positives
http://www.sophos.com/en-us/support/knowledgebase/118311.aspx
チェックしておきたい脆弱性情報<2012.09.25>
http://itpro.nikkeibp.co.jp/article/COLUMN/20120924/424652/?ST=security
Windows 8用のIE10に早くも脆弱性
http://itpro.nikkeibp.co.jp/article/NEWS/20120924/424842/?ST=security
ソフトバンク販売代理店における端末盗難事件、個人情報も漏洩
http://itpro.nikkeibp.co.jp/article/NEWS/20120924/424722/?ST=security
「対策方法無し」の脆弱性に対応するIEの更新プログラム公開、「直ちに適用」推奨
http://itpro.nikkeibp.co.jp/article/NEWS/20120924/424701/?ST=security
JVNTA12-262A Internet Explorer への攻撃に関する Microsoft Security Advisory (2757760) 公開
http://jvn.jp/cert/JVNTA12-262A/
JVNVU#480095 Internet Explorer に任意のコードが実行される脆弱性
http://jvn.jp/cert/JVNVU480095/
JVNTA12-265A Internet Explorer の脆弱性に対するアップデート
http://jvn.jp/cert/JVNTA12-265A/
JVNDB-2012-004553 Apple iOS 6 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004553.html
JVNDB-2012-004552 Apple iOS 6 未満の UIKit における平文のファイルコンテンツを取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004552.html
JVNDB-2012-004551 Apple iOS 6 未満におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004551.html
JVNDB-2012-004550 Apple iOS 6 未満におけるテキストコミュニケーションを偽造される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004550.html
JVNDB-2012-004549 Apple iOS 6 未満のシステムログの実装における重要な情報を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004549.html
JVNDB-2012-004548 Apple iOS 6 未満の Safari における https 接続に偽装される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004548.html
JVNDB-2012-004547 Apple iOS 6 未満の制限の実装における Apple ID 認証ステップを回避される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004547.html
JVNDB-2012-004546 Apple iOS 6 未満のパスコードロックの実装におけるパスコード要求を回避される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004546.html
JVNDB-2012-004545 Apple iOS の CFNetwork における重要な情報を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004545.html
JVNDB-2012-004544 Apple iOS の DHCP コンポーネントにおける重要な情報を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004544.html
JVNDB-2012-004543 Apple iOS 6 未満のパスコードロックの実装におけるパスコードの要求を回避される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004543.html
JVNDB-2012-004542 Apple iOS の ImageIO におけるメモリ二重解放の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004542.html
JVNDB-2012-004541 Apple iOS の IPsec コンポーネントにおけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004541.html
JVNDB-2012-004540 Apple iOS 6 未満のパスコードロックの実装におけるアクセス制限を回避される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004540.html
JVNDB-2012-004539 Apple iOS のカーネルにおける権限を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004539.html
JVNDB-2012-004538 Apple Safari 6.0.1 未満の Form Autofill 機能における Me カードの情報を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004538.html
JVNDB-2012-004537 Apple Safari 6.0.1 未満における重要な情報を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004537.html
JVNDB-2012-004536 Apple iOS のカーネルにおける重要な情報を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004536.html
JVNDB-2012-004535 Apple iOS のメールにおける添付ファイルを偽造される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004535.html
JVNDB-2012-004534 Apple iOS のメールにおけるパスコードの要求を回避される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004534.html
JVNDB-2012-004533 Apple iOS のメールにおける署名されたコンテンツを偽造される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004533.html
JVNDB-2012-004532 Apple iOS 6 未満のパスコードロックの実装における任意の保存写真を表示される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004532.html
JVNDB-2012-004531 Apple iOS 6 未満のパスコードロックの実装におけるパスコードの要求を回避される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004531.html
JVNDB-2012-004530 Apple Mac OS X の CoreText における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004530.html
JVNDB-2012-004529 Apple Mac OS X の DirectoryService におけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004529.html
JVNDB-2012-004528 Apple iOS 6 未満のパスコードロックの実装における使用したサードパーティアプリケーションを見られる脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004528.html
JVNDB-2012-004527 Apple iOS 6 未満の Office Viewer における Data Protection レベルまたは暗号化を回避される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004527.html
JVNDB-2012-004526 Apple Mac OS X における入力されたパスワードを読み取られる脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004526.html
JVNDB-2012-004525 Apple Mac OS X のメールにおける任意のプラグインコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004525.html
JVNDB-2012-004524 Apple iOS 6 未満のメッセージにおける重要な情報を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004524.html
JVNDB-2012-004523 Apple Mac OS X の QuickTime および iOS の CoreMedia におけるサービス運用妨害 (アプリケーションクラッシュ) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004523.html
JVNDB-2012-004522 Apple Mac OS X のモバイルアカウントにおけるパスワードを特定される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004522.html
JVNDB-2012-004521 Apple Mac OS X の Profile Manager における管理対象のデバイスを列挙される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004521.html
JVNDB-2012-004520 Apple Mac OS X における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004520.html
APPLE-SA-2012-09-24-1 Apple TV 5.1
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00108.html
CVE-2012-4415: guacamole local root vulnerability
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00106.html
[SECURITY] [DSA 2551-1] isc-dhcp security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00097.html
US-CERT Alert TA12-265A - Microsoft Releases Patch for Internet Explorer Exploit
http://www.derkeiler.com/Mailing-Lists/Cert/2012-09/msg00003.html
DDIVRT-2012-42 Novell GroupWise Agents Arbitrary File Retrieval (CVE-2012-0419)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00105.html
Toshiba ConfigFree CF7 File Stack Buffer Overflow (Comment Field
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00104.html
Toshiba ConfigFree CF7 File Remote Command Execution
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00103.html
Toshiba ConfigFree CF7 File Stack Buffer Overflow (ProfileName)
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00102.html
[security bulletin] HPSBMU02815 SSRT100715 rev.3 - HP SiteScope SOAP Security Issues, Remote Dis
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00096.html
ESA-2012-037: RSA(r) Authentication Agent 7.1 for Microsoft Windows(r) and RSA(r) Authentica
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00101.html
[Announcement] ClubHack Magazines Sept 2012 Issue Out
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00100.html
[CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulne
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00099.html
GreHack 2012 - 19th Oct. Grenoble, France - Conference + CTF - Call For [ Participation,
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00098.html
APPLE-SA-2012-09-19-3 Safari 6.0.1
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00095.html
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00094.html
APPLE-SA-2012-09-19-1 iOS 6
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00093.html
[Positive Research] Intel SMEP Part II: Bypassing Intel SMEP on Windows 8 x64 Using Return-orien
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00107.html
[security bulletin] HPSBMU02815 SSRT100715 rev.2 - HP SiteScope SOAP Security Issues, Remote Dis
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00092.html
[2.0 Update] Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility C
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00091.html
RSA Authentication Agent Lets Remote Authenticated Users Bypass an Authentication Step
http://www.securitytracker.com/id/1027559
Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users
http://www.securitytracker.com/id/1027558
VU#555668 JAMF Software Casper Suite contains a cross-site request forgery
http://www.kb.cert.org/vuls/id/555668
SafeNet Sentinel Protection Installer Keys Server Denial of Service Vulnerability
http://secunia.com/advisories/50685/
WordPress Notices Ticker Plugin Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/50717/
Gentoo update for expat
http://secunia.com/advisories/50695/
Gentoo update for libreoffice
http://secunia.com/advisories/50692/
WordPress Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/50715/
gpEasy CMS Unspecified Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50691/
SonicWALL Anti-Spam & Email Security Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50686/
Gentoo update for bind
http://secunia.com/advisories/50724/
Ubuntu update for kernel
http://secunia.com/advisories/50732/
Debian update for isc-dhcp
http://secunia.com/advisories/50727/
Gentoo update for tiff
http://secunia.com/advisories/50726/
Gentoo update for php
http://secunia.com/advisories/50725/
IBM Installation Manager IEHS Redirection Weakness and Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50729/
morgane CMS Cross-Site Scripting Vulnerability
http://cxsecurity.com/issue/WLB-2012090219
LetUsPlay CMS SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090218
mc-creation CMS Cross-Site Scripting Vulnerability
http://cxsecurity.com/issue/WLB-2012090217
SmartCreations Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090216
IFOBS CSRF and XSS vulnerabilities
http://cxsecurity.com/issue/WLB-2012090215
Novell GroupWise Agents Arbitrary File Retrieval
http://cxsecurity.com/issue/WLB-2012090214
Oracle Java Runtime Environment CVE-2012-3136 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55337
Oracle Java SE CVE-2012-1722 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53953
Oracle Java SE CVE-2012-1726 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53948
Oracle Java SE CVE-2012-1725 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53954
Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951
Oracle Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55213
Oracle Java SE CVE-2012-1721 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53959
Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53946
Oracle Java SE CVE-2012-1716 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53947
Oracle Java SE CVE-2012-1719 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53950
Oracle GlassFish Server Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53136
Oracle Java SE CVE-2012-0547 Remote Java Runtime Environment Weakness
http://www.securityfocus.com/bid/55339
Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952
Oracle Java Runtime Environment CVE-2012-1682 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55336
libTIFF ThunderCode Decoder Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46951
International Components for Unicode '_canonicalize( )' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51006
Google Chrome Prior to 16.0.912.75 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51300
WebKit Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54680
libpng 'png_decompress_chunk()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52049
libpng 'png_set_text_2()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52830
libTIFF CVE-2012-1173 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52891
libxml2 Invalid XPath Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/48056
Google Chrome Prior to 14.0.835.163 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49658
Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49279
libpng Malformed cHRM Divide-By-Zero Denial of Service Vulnerability
http://www.securityfocus.com/bid/49744
Apple iPhone/iPad/iPod touch Prior to iOS 6 Multiple Vulnerabilities
http://www.securityfocus.com/bid/55612
OpenSSL DTLS CVE-2012-2333 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53476
OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158
OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52764
OpenSSL CMS PKCS #7 Decryption CVE-2012-0884 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52428
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/51281
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1976 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55319
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1973 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55316
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1974 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55317
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3959 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55324
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-3972 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55310
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1975 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55318
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1972 Use-After-Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55314
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3962 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/55342
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3978 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55306
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-1970 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/55266
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-3969 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55292
libguac Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55497
Tor Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/55519
ICCLIB CVE-2012-4405 Out-of-Bounds Memory Write Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55494
PHP '_php_stream_scandir()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54638
PHP CVE-2012-0057 Security Bypass Vulnerability
http://www.securityfocus.com/bid/51806
Linux Kernel SFC Driver CVE-2012-3412 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54763
Linux Kernel 'rds_recvmsg()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54702
Expat XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/37203
OpenOffice Microsoft Word File Format Importer Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/49969
OptiPNG Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55566
Tor Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55128
ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55522
GNU Automake Local Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/54418
PHP 'php_register_variable_ex()' Function Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/51830
PHP PDO Memory Access Violation Denial of Service Vulnerability
http://www.securityfocus.com/bid/54777
PHP 'header()' HTTP Header Injection Vulnerability
http://www.securityfocus.com/bid/55297
IcedTea-Web Multiple Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54762
libcrypt 'crypt()' Password Encryption Weakness
http://www.securityfocus.com/bid/53729
PHP 'php-cgi' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53388
PHP CVE-2012-0789 Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52043
PHP Web Form Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51193
PHP PDORow Object Remote Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51952
PHP CVE-2012-1172 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/53403
PHP CVE-2012-3365 'open_basedir' Security-Bypass Vulnerability
http://www.securityfocus.com/bid/54612
PHP CVE-2012-0831 'magic_quotes_gpc' Directive Security Bypass Weakness
http://www.securityfocus.com/bid/51954
PHP 'exif_process_IFD_TAG()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/50907
PHP 'phar/tar.c' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47545
PHP 'is_a()' Function Remote File Include Vulnerability
http://www.securityfocus.com/bid/49754
ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54658
ISC BIND 9 TCP Query Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54659
ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53772
ISC BIND CVE-2012-1033 Security Bypass Vulnerability
http://www.securityfocus.com/bid/51898
Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/36097
Expat XML Parsing Multiple Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52379
ISC DHCP IPv6 Lease Expiration Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/55530
Raptor XML External Entity Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52681
LibreOffice and OpenOffice Multiple Heap Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54769
OpenOffice Prior to 3.4 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/53570
IBM Eclipse Help System Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53884
LibTIFF 't2p_read_tiff_init()' Function Heap-based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54601
ZEN Load Balancer Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55638
NTR ActiveX control Buffer Overflow and Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/51374
JAMF Software Casper Suite Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/55663
Multiple RSA Products Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/55662
WordPress Notices Ticker Plugin Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/55661
gpEasy CMS Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55657
Oracle Database Authentication Protocol CVE-2012-3137 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55651
2012年9月24日月曜日
24日 月曜日、仏滅
+ UPDATE: Microsoft Security Advisory (2757760) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2757760
+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/en-us/security/advisory/2755801
+ UPDATE: マイクロソフト セキュリティ アドバイザリ (2757760) Internet Explorer の脆弱性により、リモートでコードが実行される
http://technet.microsoft.com/ja-jp/security/advisory/2757760
+ マイクロソフト セキュリティ アドバイザリ (2755801) Internet Explorer 10 における Adobe Flash Player の脆弱性に関する更新プログラム
http://technet.microsoft.com/ja-jp/security/advisory/2755801
+ Microsoft Internet Explorer cloneNode Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2557
+ Microsoft Internet Explorer Layout Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2548
+ Microsoft Internet Explorer Event Listener Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2546
+ Microsoft Internet Explorer OnMove Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1529
緊急サーバメンテナンスのお知らせ(2012年9月23日)
http://www.trendmicro.co.jp/support/news.asp?id=1841
Advisory: Shh/Updater-B False positives
http://www.sophos.com/en-us/support/knowledgebase/118311.aspx
尖閣諸島関連改ざん被害の裁判所Webサイト、1週間ぶりに復旧
http://itpro.nikkeibp.co.jp/article/NEWS/20120921/424403/?ST=security
セキュアブレイン、社内のマルウエア感染状況を可視化するSaaSを開始
http://itpro.nikkeibp.co.jp/article/NEWS/20120921/424324/?ST=security
JVNDB-2012-001793 JP1/Cm2/Network Node Manager i におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001793.html
JVNDB-2012-004397 (JVNVU#480095) (JVNTA12-262A) Internet Explorer に任意のコードが実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004397.html
JVNDB-2012-004519 KnowledgeTree の config/dmsDefaults.php におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004519.html
JVNDB-2012-004518 Caminova DjVu Browser Plug-in におけるヒープベースのバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004518.html
JVNDB-2012-004517 VR GPub の admin/admin_options.php におけるクロスサイトリクエストフォージェリの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004517.html
JVNDB-2012-004516 Parallels H-Sphere におけるクロスサイトリクエストフォージェリの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004516.html
JVNDB-2012-004515 NoMachine NX Web Companion の nxapplet.jar における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004515.html
JVNDB-2012-004514 Social Book Facebook Clone におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004514.html
JVNDB-2012-004513 e107 用 jbShop プラグインの jbshop.php におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004513.html
JVNDB-2012-004512 Online Subtitles Workshop におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004512.html
JVNDB-2012-004511 HP Network Node Manager i におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004511.html
JVNDB-2012-004510 OrderSys における SQL インジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004510.html
JVNDB-2012-004509 WordPress 用 ClickDesk Live Support - Live Chat におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004509.html
JVNDB-2012-004508 WordPress 用 ZooEffect プラグインにおけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004508.html
JVNDB-2012-004507 WordPress 用 Skysa App Bar Integration プラグインにおけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004507.html
JVNDB-2012-004506 eSyndiCat Pro の admin/controller.php におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004506.html
Update for CVE-2012-3132
http://isc.sans.edu/diary.html?storyid=14164
iOS 6 Security Roundup
http://isc.sans.edu/diary.html?storyid=14152
IE Cumulative Updates MS12-063 - KB2744842
http://isc.sans.edu/diary.html?storyid=14155
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (2755801)
http://isc.sans.edu/diary.html?storyid=14158
Storing your Collection of Malware Samples with Malwarehouse
http://isc.sans.edu/diary.html?storyid=14161
Microsoft Internet Explorer Multiple Use-After-Free Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027555
Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
http://www.securitytracker.com/id/1027554
Zend Framework Input Validation Flaws Permit Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1027553
ASUS Net4Switch ipswcom.dll ActiveX Stack Buffer Overflow
http://cxsecurity.com/issue/WLB-2012090213
FlatOut Malformed .bed file Buffer Overflow
http://cxsecurity.com/issue/WLB-2012090212
infobigs CMS LFI Vulnerability
http://cxsecurity.com/issue/WLB-2012090211
tapinllc Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090210
2xl Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090209
WEBBISH SQL Injection
http://cxsecurity.com/issue/WLB-2012090208
Gazine2 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012090207
Toshiba ConfigFree CF7 File Remote Command Execution
http://cxsecurity.com/issue/WLB-2012090206
Toshiba ConfigFree CF7 File Stack Buffer Overflow (Comment Field)
http://cxsecurity.com/issue/WLB-2012090205
Toshiba ConfigFree CF7 File Stack Buffer Overflow (ProfileName)
http://cxsecurity.com/issue/WLB-2012090204
Thomson Wireless VoIP Cable Modem Auth Bypass
http://cxsecurity.com/issue/WLB-2012090203
libdbus DBUS_SYSTEM_BUS_ADDRESS trivial non-dbus root exploit
http://cxsecurity.com/issue/WLB-2012090202
Apache CXF SOAP Action Spoofing Attacks
http://cxsecurity.com/issue/WLB-2012090201
AShop 5.3.4 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012090200
cgCraft llc SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090199
Jessica Rhaye Design <= Cross Site Scripting Vulnerabilities
http://cxsecurity.com/issue/WLB-2012090198
Tariq Rauf SQL Injection
http://cxsecurity.com/issue/WLB-2012090197
Rocket Web Consulting SQL Injection
http://cxsecurity.com/issue/WLB-2012090196
NW7Design SQL Injection
http://cxsecurity.com/issue/WLB-2012090195
Zen Load Balancer Two Information Disclosure Security Issues
http://secunia.com/advisories/50690/
Fortinet FortiOS (FortiGate) Two Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50638/
Manhali "f" Arbitrary File Disclosure Vulnerability
http://secunia.com/advisories/50570/
Zend Framework Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50682/
Avaya Aura Session Manager OpenSSL Two Vulnerabilities
http://secunia.com/advisories/50678/
Avaya Application Enablement Services Two Vulnerabilities
http://secunia.com/advisories/50712/
Avaya Aura Communication Manager Multiple Vulnerabilities
http://secunia.com/advisories/50684/
Avaya Voice Portal Multiple Vulnerabilities
http://secunia.com/advisories/50614/
Avaya Aura System Manager X.Org xserver File Locking Weakness
http://secunia.com/advisories/50675/
iFOBS Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50603/
Ubuntu update for dbus
http://secunia.com/advisories/50710/
Red Hat update for Red Hat Enterprise MRG
http://secunia.com/advisories/50697/
Cumin Multiple Vulnerabilities
http://secunia.com/advisories/50660/
eSyndiCat Pro Multiple Cross Site Scripting Vulnerabilities
2012-09-22
http://www.securityfocus.com/bid/50822
Linux Kernel SFC Driver CVE-2012-3412 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54763
Linux Kernel 'rds_recvmsg()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54702
HP SiteScope UploadFilesHandler Directory Traversal Vulnerability
http://www.securityfocus.com/bid/55273
KVM CVE-2012-2121 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53162
Linux Kernel 'madvise_remove()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/55151
Adobe Flash Player and AIR APSB12-19 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/55136
Adobe Flash Player and AIR CVE-2012-4171 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55365
Adobe Flash Player CVE-2012-1535 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55009
Drupal Password Policy Module Cross Site Request Forgery and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/51385
Drupal Search Autocomplete Module Database API SQL Injection Vulnerability
http://www.securityfocus.com/bid/51667
Drupal Admin:hover Module Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/51388
Drupal Taxotouch Module Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51384
Drupal Taxonomy Navigator Module Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51387
FlashFXP Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/52259
Hitachi JP1/Cm2/Network Node Manager i Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/52205
deV!L`z Clanportal Witze Addon 'id' Parameter SQL Injection Vulnerability
http://www.securityfocus.com/bid/52286
Mercury MR804 Router Multiple HTTP Header Fields Denial Of Service Vulnerabilities
http://www.securityfocus.com/bid/52106
starCMS 'q' Parameter URI Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52262
Ricoh Company DC Software DL-10 'USER' Command Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/52235
Caminova DjVu Browser Plug-in 'npdjvu.dll' File Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/51675
RivetTracker Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/52283
AneCMS 'index.php' Local File Include Vulnerability
http://www.securityfocus.com/bid/52272
Drupal Fill PDF Module Security Bypass and Arbitrary Code Execution Vulnerabilities
http://www.securityfocus.com/bid/51288
Microsoft Internet Explorer Image Arrays Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55562
NX Web Companion Applet Handling Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/51676
Drupal Support Timer Module Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50873
Drupal Supercron Module Unspecified Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51383
Drupal Webform Validation Module Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50872
e107 CMS jbShop Plugin 'item_id' SQL Injection Vulnerability
http://www.securityfocus.com/bid/50438
Infoblox NetMRI Admin Login Page Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50646
OrderSys 'where_clause' Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/50550
Online Subtitles Workshop 'video_comments.php' HTML Injection Vulnerability
http://www.securityfocus.com/bid/50382
HP Network Node Manager i Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50806
WordPress 1-jquery-photo-gallery-slideshow-flash Plugin Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50860
WordPress Skysa App Bar Plugin 'idnews' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50824
WordPress Lanoba Social Plugin 'action' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50746
WordPress ClickDesk Live Support Plugin 'cdwidget' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/50778
Drupal Support Ticketing System Module Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50871
Drupal Vote up/down Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/51376
Drupal Date Module SQL Injection Vulnerability
http://www.securityfocus.com/bid/51378
Timesheet Next Gen Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/52270
KnowledgeTree Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/51373
Drupal Submenu Tree Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52226
Social Book Facebook Clone 2010 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/50840
Drupal Hierarchical Select Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52228
Drupal Taxonomy Views Integrator Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/52227
Drupal Managesite Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/51669
Cumin Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/55618
Linux Kernel FSGEOMETRY_V1 IOCTL Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/46417
Condor Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55632
X.Org X11 File Enumeration Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50193
Linux Kernel Request Handling 'cm.c' Denial of Service Vulnerability
http://www.securityfocus.com/bid/46839
Linux Kernel 'inet_diag_bc_audit()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/48333
Linux Kernel Bluetooth 'l2cap_sock.c' and 'rfcomm/sock.c' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/48441
Linux Kernel EFI Partition Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47796
Red Hat Linux Kernel VLAN Packets Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/48907
Xen Instruction Emulation During VM Exits Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/48610
Linux Kernel 'agp_ioctl()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47534
Linux Kernel 'agp_ioctl()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47843
Linux Kernel 'agp_allocate_memory/agp_create_user_memory' Local Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/47535
Linux Kernel 'ib_uverbs_poll_cq()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/46488
Linux Kernel 'next_pidmap()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47497
Linux Kernel SCTP INIT/INIT-ACK Chunk Length Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/47308
Linux Kernel Signal Code Spoofing Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/47003
Linux Kernel 'ib_uverbs_poll_cq()' Integer Overflow Vulnerability
http://www.securityfocus.com/bid/46073
Microsoft Internet Explorer cloneNode Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55647
Microsoft Internet Explorer Layout Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55646
Microsoft Internet Explorer Event Listener Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55645
Toshiba ConfigFree 'CF7' File Multiple Stack Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/55644
Toshiba ConfigFree 'CF7' File Remote Command Execution Vulnerability
http://www.securityfocus.com/bid/55643
Microsoft Internet Explorer OnMove Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55641
Monkey HTTP Daemon Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55639
ZEN Load Balancer Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55638
Zend Framework Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55636
2012年9月21日金曜日
21日 金曜日、先勝
+ CESA-2012:1269 Moderate CentOS 6 qpid Update
http://lwn.net/Alerts/517123/
+ CESA-2012:1288 Moderate CentOS 6 libxml2 Update
http://lwn.net/Alerts/517124/
+ UPDATE: HPSBMU02815 SSRT100715 rev.3 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03489683%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ GCC 4.7.2 released
http://gcc.gnu.org/gcc-4.7/changes.html
+ Microcart CVE-2012-4241 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4241
+ Linux Kernel 'request_module() OOM' Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/55361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398
Advisory: Shh/Updater-B False positives
http://www.sophos.com/en-us/support/knowledgebase/118311.aspx
IPA テクニカルウォッチ
製品の品質を確保する「セキュリティテスト」に関するレポート
~修正費用の低減につながるセキュリティテスト「ファジング」の活用方法とテスト期間に関する考察~
http://www.ipa.go.jp/about/technicalwatch/20120920.html
プロティビティ、セキュリティ対応の組織作りを支援するコンサルを体系化
http://itpro.nikkeibp.co.jp/article/NEWS/20120920/424125/?ST=security
アノニマスの自称代弁者、チャット中に逮捕
http://itpro.nikkeibp.co.jp/article/NEWS/20120921/424182/?ST=security
日本マイクロソフト、9月22日にIEの修正プログラム緊急公開を予告
http://itpro.nikkeibp.co.jp/article/NEWS/20120920/424061/?ST=security
Eの危険な脆弱性を修正するパッチ、9月22日に緊急リリース
「Fix it」での対策ツールは既に公開
http://itpro.nikkeibp.co.jp/article/NEWS/20120920/423921/?ST=security
JVNTA12-262A Internet Explorer への攻撃に関する Microsoft Security Advisory (2757760) 公開
http://jvn.jp/cert/JVNTA12-262A/
JVNVU#480095 Internet Explorer に任意のコードが実行される脆弱性
http://jvn.jp/cert/JVNVU480095/
JVNDB-2012-004490 Ricoh DC Software DL-10 の SR10 FTP サーバーにおけるスタックベースのバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004490.html
JVNDB-2012-004489 deV!L'z Clanportal 用 Witze アドオンにおける SQL インジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004489.html
JVNDB-2012-004488 Mercury MR804 ルータにおけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004488.html
JVNDB-2012-004487 starCMS の index.php におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004487.html
JVNDB-2012-004486 AneCMS の acp/index.php におけるディレクトリトラバーサルの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004486.html
JVNDB-2012-004485 LimeSurvey の admin/userrighthandling.php におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004485.html
JVNDB-2012-004484 LimeSurvey の admin/admin.php における SQL インジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004484.html
JVNDB-2012-004483 RivetTracker における SQL インジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004483.html
JVNDB-2012-004482 RivetTracker の torrent_functions.php における脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004482.html
JVNDB-2012-004480 Apache Wicket におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004480.html
JVNDB-2012-004479 Timesheet Next Gen の login.php における SQL インジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004479.html
JVNDB-2012-004478 (JVNVU#459446) PayPal Website Payments Standard を使用している osCommerce Online Merchant に検証不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004478.html
JVNDB-2012-003878 GIMP の GIF 画像形式用プラグインにおける整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003878.html
JVNDB-2012-003877 GNU C Library の stdlib における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003877.html
JVNDB-2012-003777 libotr におけるサービス運用妨害 (アプリケーションクラッシュ) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003777.html
JVNDB-2012-003775 Calligra の Microsoft インポートフィルタにおけるヒープベースのバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003775.html
JVNDB-2012-003776 KOffice の Microsoft インポートフィルタにおけるヒープベースのバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003776.html
JVNDB-2012-004477 Moodle の course/reset.php におけるアクセス制限を回避される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004477.html
JVNDB-2012-004476 Moodle の lib/filelib.php における重要な情報を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004476.html
JVNDB-2012-004475 Moodle の theme/yui_combo.php におけるインストールパスを取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004475.html
JVNDB-2012-004474 Moodle の webservice/lib.php における任意の外部サービスを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004474.html
JVNDB-2012-004473 Moodle における機能制限を回避される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004473.html
JVNDB-2012-004472 Moodle の repository/repository_ajax.php におけるアップロードサイズの制限を回避される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004472.html
JVNDB-2012-004471 Mailtraq におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004471.html
JVNDB-2012-004470 SmarterMail におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004470.html
JVNDB-2012-004468 Novell GroupWise の GWIA の gwia.exe における整数オーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004468.html
JVNDB-2012-004467 Novell GroupWise の GWIA 内の gwwww1.dll におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004467.html
JVNDB-2012-004459 libgio における権限を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004459.html
JVNDB-2012-004458 OpenStack Keystone における取り消されたロールの特権を保持される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004458.html
JVNDB-2012-004457 International Color Consortium Format library における整数アンダーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004457.html
JVNDB-2012-004456 FlexCMS におけるクロスサイトリクエストフォージェリの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004456.html
JVNDB-2012-004453 HP Operations Orchestration における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004453.html
JVNDB-2012-004452 FreeRADIUS の cbtls_verify 関数におけるスタックベースのバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004452.html
JVNDB-2012-004451 libdbus における権限を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004451.html
JVNDB-2012-004397 (JVNVU#480095) (JVNTA12-262A) Internet Explorer に任意のコードが実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004397.html
JVNDB-2012-004450 Siemens WinCC の WebNavigator におけるユーザ名およびパスワードを取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004450.html
JVNDB-2012-004449 Siemens WinCC の WebNavigator における SQL インジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004449.html
JVNDB-2012-004448 Siemens WinCC の WebNavigator におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004448.html
JVNDB-2012-004447 Siemens WinCC の WebNavigator におけるファイルを読まれる脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004447.html
JVNDB-2012-004446 Siemens WinCC の WebNavigator におけるクロスサイトリクエストフォージェリの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004446.html
JVNDB-2012-000087 (JVN#56373673) myLittleAdmin for SQL server 2000 における任意のスクリプトが実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000087.html
JVNDB-2012-000086 (JVN#50701493) Email Anti-virus(旧名称:Webshield SMTP)におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000086.html
JVNDB-2012-004437 Webfolio CMS におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004437.html
JVNDB-2012-004436 (JVNVU#471364) Trend Micro InterScan Messaging Security Suite におけるクロスサイトリクエストフォージェリの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004436.html
JVNDB-2012-004435 (JVNVU#471364) Trend Micro InterScan Messaging Security Suite におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004435.html
JVNDB-2012-004434 NetWin SurgeMail におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004434.html
JVNDB-2012-004433 Oxwall の ow_updates/index.php におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004433.html
JVNDB-2012-004431 ImgPals Photo Host の approve.php における管理者のアクティベーションを変更される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004431.html
JVNDB-2012-004430 ImgPals Photo Host の approve.php における SQL インジェクションの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004430.html
JVNDB-2012-004429 ASUS Net4Switch 用 ipswcom.dll ActiveX コンポーネントにおけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004429.html
JVNDB-2012-004428 Endian Firewall におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004428.html
JVNDB-2012-004427 Flogr の index.php におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004427.html
JVNDB-2012-004426 Beaker における重要なセッションデータの一部を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004426.html
JVNDB-2012-004425 Kayako Fusion におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004425.html
JVNDB-2012-004424 TestLink におけるクロスサイトリクエストフォージェリの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004424.html
JVNDB-2012-004423 Bugbear Entertainment FlatOut におけるバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004423.html
JVNDB-2012-004422 StoryBoard Quick におけるスタックベースのバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004422.html
JVNDB-2012-004421 Oracle Formula One ActiveX コントロールにおけるヒープベースのバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004421.html
JVNDB-2012-004420 KnFTP におけるスタックベースのバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004420.html
JVNDB-2012-004419 Free MP3 CD Ripper におけるスタックベースのバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004419.html
JVNDB-2012-004418 VanDyke Software AbsoluteFTP におけるスタックベースのバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004418.html
JVNDB-2012-004417 GOM Player におけるスタックベースのバッファオーバーフローの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004417.html
JVNDB-2012-004416 Tor の common/util.c におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004416.html
JVNDB-2012-004415 Tor の or/policies.c におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004415.html
JVNDB-2012-004414 WordPress の wp-admin/plugins.php におけるプラグインを変更される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004414.html
JVNDB-2012-004413 WordPress の wp-includes/class-wp-atom-server.php におけるアクセス制限を回避される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004413.html
JVNDB-2012-004395 (JVNVU#389795) Windows Phone 7 に SSL サーバ証明書の検証不備の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004395.html
JVNDB-2012-004396 (JVNVU#591667) Endpoint Protector 4 の認証機能に脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004396.html
JVNDB-2012-004412 Cisco IOS の SSLVPN の実装におけるサービス運用妨害 (デバイスクラッシュ) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004412.html
JVNDB-2012-004411 Cisco IOS の SSLVPN の実装におけるサービス運用妨害 (デバイスクラッシュ) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004411.html
JVNDB-2012-004410 複数の Cisco 製品で使用される Cisco ACE モジュールにおけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004410.html
JVNDB-2012-004409 Cisco IOS の DMVPN トンネルの実装におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004409.html
JVNDB-2012-004407 Cisco IPS 4200 シリーズセンサー上で稼働する sensorApp におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004407.html
JVNDB-2012-004406 Cisco IOS におけるサービス運用妨害 (デバイスクラッシュ) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004406.html
JVNDB-2012-004405 Cisco IOS の FlexVPN の実装におけるサービス運用妨害 (スポーククラッシュ) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004405.html
JVNDB-2012-004404 Cisco Unity Connection におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004404.html
JVNDB-2012-004403 Linux 上の Cisco AnyConnect Secure Mobility Client における重要な情報を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004403.html
JVNDB-2012-004402 Cisco AnyConnect Secure Mobility Client における脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004402.html
JVNDB-2012-004401 Cisco IOS におけるサービス運用妨害 (CPU 資源の消費) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004401.html
JVNDB-2012-004400 Cisco Unity Connection におけるサービス運用妨害 (CPU 資源の消費) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004400.html
JVNDB-2012-004399 Cisco VPN Client における権限を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004399.html
JVNDB-2012-004398 Cisco Nexus 7000 シリーズスイッチ上で稼働する Cisco NX-OS におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004398.html
JVNDB-2012-004394 複数の製品で使用される SPDY プロトコルにおける平文の HTTP ヘッダを取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004394.html
JVNDB-2012-004393 複数の製品で使用される TLS プロトコルにおける平文の HTTP ヘッダを取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004393.html
JVNDB-2012-004392 Apache HTTP Server 用 mod_pagespeed モジュールにおけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004392.html
JVNDB-2012-004391 Apache HTTP Server 用 mod_pagespeed モジュールにおける HTTP リクエストを誘発される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004391.html
JVNDB-2012-004390 IBM AIX および VIOS の NFSv4 クライアントの実装におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004390.html
JVNDB-2012-004389 bitcoind および Bitcoin-Qt におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004389.html
JVNDB-2012-004388 bitcoind および Bitcoin-Qt におけるサービス運用妨害 (DoS) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004388.html
JVNDB-2012-004387 Android 上で稼働する Google Chrome における Cookie 情報を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004387.html
JVNDB-2012-004386 Android 上で稼働する Google Chrome における同一生成元ポリシーを回避される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004386.html
JVNDB-2012-004385 Android 上で稼働する Google Chrome における脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004385.html
JVNDB-2012-004384 Android 上で稼働する Google Chrome における重要な情報を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004384.html
JVNDB-2012-004383 Android 上で稼働する Google Chrome におけるクロスサイトスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004383.html
JVNDB-2012-004382 Android 上で稼働する Google Chrome におけるクロスアプリケーションスクリプティングの脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004382.html
JVNDB-2012-004381 Android 上で稼働する Google Chrome における重要な情報を取得される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004381.html
JVNDB-2012-004380 ISC BIND におけるサービス運用妨害 (表明違反および named デーモンの終了) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004380.html
JVNDB-2012-004379 ISC DHCP におけるサービス運用妨害 (デーモンクラッシュ) の脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004379.html
JVNDB-2012-004378 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004378.html
JVNDB-2012-004377 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004377.html
JVNDB-2012-004376 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004376.html
JVNDB-2012-004375 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004375.html
JVNDB-2012-004374 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004374.html
JVNDB-2012-004373 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004373.html
JVNDB-2012-004372 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004372.html
JVNDB-2012-004371 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004371.html
JVNDB-2012-004370 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004370.html
JVNDB-2012-004369 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004369.html
JVNDB-2012-004368 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004368.html
JVNDB-2012-004367 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004367.html
JVNDB-2012-004366 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004366.html
JVNDB-2012-004365 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004365.html
JVNDB-2012-004364 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004364.html
JVNDB-2012-004363 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004363.html
JVNDB-2012-004362 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004362.html
JVNDB-2012-004361 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004361.html
JVNDB-2012-004360 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004360.html
JVNDB-2012-004359 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004359.html
JVNDB-2012-004358 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004358.html
JVNDB-2012-004357 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004357.html
JVNDB-2012-004356 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004356.html
JVNDB-2012-004355 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004355.html
JVNDB-2012-004354 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004354.html
JVNDB-2012-004353 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004353.html
JVNDB-2012-004352 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004352.html
JVNDB-2012-004351 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004351.html
JVNDB-2012-004350 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004350.html
JVNDB-2012-004349 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004349.html
JVNDB-2012-004348 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004348.html
JVNDB-2012-004347 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004347.html
JVNDB-2012-004346 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004346.html
JVNDB-2012-004345 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004345.html
JVNDB-2012-004344 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004344.html
JVNDB-2012-004343 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004343.html
JVNDB-2012-004342 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004342.html
JVNDB-2012-004341 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004341.html
JVNDB-2012-004340 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004340.html
JVNDB-2012-004339 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004339.html
JVNDB-2012-004338 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004338.html
JVNDB-2012-004337 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004337.html
JVNDB-2012-004336 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004336.html
JVNDB-2012-004335 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004335.html
JVNDB-2012-004334 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004334.html
JVNDB-2012-004333 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004333.html
JVNDB-2012-004332 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004332.html
JVNDB-2012-004331 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004331.html
JVNDB-2012-004330 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004330.html
JVNDB-2012-004329 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004329.html
JVNDB-2012-004328 Apple iTunes 10.7 未満で使用される WebKit における任意のコードを実行される脆弱性
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004328.html
Apple iOS Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Information and Local Users Bypass Security Restrictions
http://www.securitytracker.com/id/1027552
Apple OS X Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027551
Apple Safari Bugs Let Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code
http://www.securitytracker.com/id/1027550
IE Fixes Available
http://isc.sans.edu/diary.html?storyid=14134
Apple and Cisco Security Advisories 19 SEP 2012
http://isc.sans.edu/diary.html?storyid=14143
Financial sector advisory: attacks and threats against financial institutions
http://isc.sans.edu/diary.html?storyid=14146
WordPress WP-TopBar Plugin Cross-Site Request Forgery Vulnerability
http://secunia.com/advisories/50693/
Apache CXF SOAP Action Validation Vulnerability
http://secunia.com/advisories/50664/
WordPress MF Gig Calendar Plugin URL Cross-Site Scripting Vulnerability
http://secunia.com/advisories/50571/
Condor Multiple Vulnerabilities
http://secunia.com/advisories/50666/
Red Hat update for kernel-rt
http://secunia.com/advisories/50696/
Red Hat update for qpid
http://secunia.com/advisories/50699/
Drupal Imagemenu Module Image Filename Script Insertion Vulnerability
http://secunia.com/advisories/50683/
Drupal Spambot Module stopforumspam.com API Script Insertion Vulnerability
http://secunia.com/advisories/50670/
Drupal PRH Search Module Script Insertion Vulnerability
http://secunia.com/advisories/50672/
Red Hat update for Red Hat Enterprise MRG
http://secunia.com/advisories/50602/
SUSE update for rubygem-actionpack and rubygem-activesupport
http://secunia.com/advisories/50694/
Red Hat update for Red Hat Enterprise MRG
http://secunia.com/advisories/50602/
Drupal FileField Sources Module Filename Script Insertion Vulnerability
http://secunia.com/advisories/50688/
Apache Qpid Incomplete Client Connection Handling Broker Denial of Service Vulnerability
http://secunia.com/advisories/50573/
SUSE update for ghostscript
http://secunia.com/advisories/50662/
Cisco Secure Desktop WebLaunch Vulnerability
http://secunia.com/advisories/50669/
Ubuntu update for kernel
http://secunia.com/advisories/50652/
Ubuntu update for kernel
http://secunia.com/advisories/50633/
Apple iOS Multiple Vulnerabilities
http://secunia.com/advisories/50628/
Apple Mac OS X Multiple Vulnerabilities
http://secunia.com/advisories/50628/
Webify Multiple Products File Deletion Vulnerability
http://secunia.com/advisories/50524/
Apple Safari for Mac OS X Multiple Vulnerabilities
http://secunia.com/advisories/50577/
Apache CXF SOAP Action Spoofing Attacks
http://cxsecurity.com/issue/WLB-2012090201
AShop 5.3.4 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012090200
cgCraft llc SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090199
Jessica Rhaye Design <= Cross Site Scripting Vulnerabilities
http://cxsecurity.com/issue/WLB-2012090198
Tariq Rauf SQL Injection
http://cxsecurity.com/issue/WLB-2012090197
Rocket Web Consulting SQL Injection
http://cxsecurity.com/issue/WLB-2012090196
NW7Design SQL Injection
http://cxsecurity.com/issue/WLB-2012090195
GNU glibc 'nargs' Integer Overflow Security Bypass Vulnerability
http://www.securityfocus.com/bid/52201
X.Org X11 File Enumeration Information Disclosure Vulnerability
http://www.securityfocus.com/bid/50193
libxml2 Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52107
OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52764
OpenLDAP Weak Cipher Encryption Security Weakness
http://www.securityfocus.com/bid/53823
Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
http://www.securityfocus.com/bid/47820
ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/53772
libcrypt 'crypt()' Password Encryption Weakness
http://www.securityfocus.com/bid/53729
HP SiteScope Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/55269
Drupal Read More Link Module HTML Injection Vulnerability
http://www.securityfocus.com/bid/52340
Drupal Data Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52337
Drupal Node Recommendation Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/52343
Piwik Unspecified PHP Code Execution Vulnerability
http://www.securityfocus.com/bid/48352
Drupal Multisite Search Module SQL Injection Vulnerability
http://www.securityfocus.com/bid/52342
Drupal UC PayDutchGroup / WeDeal payment Module Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52344
Drupal Block Class Module 'Class' Field HTML Injection Vulnerability
http://www.securityfocus.com/bid/52341
Drupal Webform Module Radio Buttons Checkboxes HTML Injection Vulnerability
http://www.securityfocus.com/bid/52345
Microcart CVE-2012-4241 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/55620
libdbus 'DBUS_SYSTEM_BUS_ADDRESS' Variable Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/55517
SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49778
libTIFF CVE-2012-1173 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52891
Apple iPhone/iPad/iPod touch Prior to iOS 6 Multiple Vulnerabilities
http://www.securityfocus.com/bid/55612
Apple Mac OS X Security Update 2012-004 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55623
PHP '_php_stream_scandir()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54638
PHP 'phar/tar.c' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/47545
PHP CVE-2012-1172 Directory Traversal Vulnerability
http://www.securityfocus.com/bid/53403
PHP CVE-2012-0831 'magic_quotes_gpc' Directive Security Bypass Weakness
http://www.securityfocus.com/bid/51954
PHP 'php-cgi' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53388
Apple iPhone/iPad/iPod touch Prior to iOS 5.1 Multiple Vulnerabilities
http://www.securityfocus.com/bid/52364
ISC BIND 9 Recursive Queries Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50690
Apple Mac OS X CVE-2012-0652 Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/53457
Apple QuickTime Prior To 7.7.2 RLE Files Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53579
Apple QuickTime Prior To 7.7.2 'sean' Atoms Integer Overflow Vulnerability
http://www.securityfocus.com/bid/53582
Apple QuickTime Prior To 7.7.2 '.pict' Files Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53584
Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
http://www.securityfocus.com/bid/51705
Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49957
Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/50494
libpng 'png_decompress_chunk()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52049
libpng 'png_set_text_2()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52830
Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/51407
Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51706
Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
http://www.securityfocus.com/bid/50802
International Components for Unicode '_canonicalize( )' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51006
WebKit Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54680
WebKit Multiple Unspecified Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/55534
Google Chrome Prior to 20.0.1132.57 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54386
Google Chrome Prior to 20.0.1132.43 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54203
Google Chrome Prior to 19.0.1084.52 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53679
Microsoft Internet Explorer Image Arrays Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55562
Apache Qpid (qpidd) Denial of Service Vulnerability
http://www.securityfocus.com/bid/55608
Linux Kernel 'request_module() OOM' Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/55361
Google Chrome Prior to 17.0.963.56 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52031
Google Chrome Prior to 16.0.912.75 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51300
Google Chrome Prior to 15.0.874.102 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/50360
Teiid JDBC Man in the Middle Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55634
WebKit for Apple iOS 6 for Developer Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55631
AShop 'language' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55630
Manhali 'f' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/55629
Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
http://www.securityfocus.com/bid/55628
openCryptoki Multiple Insecure File Creation Vulnerabilities
http://www.securityfocus.com/bid/55627
WordPress MF Gig Calendar Plugin CVE-2012-4242 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55622
Technicolor THOMSON TWG850-4 HTTP Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/55621
Poweradmin 'index.php' Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55619
2012年9月20日木曜日
20日 木曜日、赤口
+ RHSA-2012:1269 Moderate: qpid security, bug fix, and enhancement update
http://rhn.redhat.com/errata/RHSA-2012-1269.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2145
+ About the security content of Safari 6.0.1
http://support.apple.com/kb/HT5502
+ About the security content of OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004
http://support.apple.com/kb/HT5501
+ About the security content of iOS 6
http://support.apple.com/kb/HT5503
+ CESA-2012:1288 Moderate CentOS 5 libxml2 Update
http://lwn.net/Alerts/516912/
+ UPDATE: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
+ UPDATE: HPSBMU02815 SSRT100715 rev.2 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03489683%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ UPDATE: HPSBUX02729 SSRT100687 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03105548%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
+ Multiple vulnerabilities in Wireshark
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4049
+ Multiple vulnerabilities in Wireshark
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2394
+ CVE-2011-2524 Directory traversal vulnerability in libsoup
https://blogs.oracle.com/sunsecurity/entry/cve_2011_2524_directory_traversal
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2524
+ CVE-2012-2763 Buffer overflow vulnerability in Gimp
https://blogs.oracle.com/sunsecurity/entry/cve_2012_2763_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2763
+ CVE-2012-3236 Buffer overflow vulnerability in Gimp
https://blogs.oracle.com/sunsecurity/entry/cve_2012_3236_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3236
+ Multiple vulnerabilities in Oracle Java Web Console
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0013
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022
+ Multiple vulnerabilities in Oracle Java Web Console
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022
+ Multiple vulnerabilities in Pidgin
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_pidgin1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4528
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4603
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1178
+ Multiple vulnerabilities in Firefox web browser
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_firefox_web1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3062
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0470
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0471
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0479
+ Linux kernel 3.2.30 released
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.30
+ Cisco Secure Desktop CVE-2012-4655 Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/55606
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4655
+ Cisco IOS SSLVPN Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/55604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3924
+ Cisco Identity Services Engine CVE-2012-3908 Multiple Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/55602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3908
Check Point response to "Check Point GO Vulnerabilities report"
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk79500&src=securityAlerts
Advisory: Shh/Updater-B False positives
http://www.sophos.com/en-us/support/knowledgebase/118311.aspx
US-CERT Alert TA12-262A - Microsoft Security Advisory for Internet Explorer Exploit
http://www.derkeiler.com/Mailing-Lists/Cert/2012-09/msg00002.html
Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00090.html
[SECURITY] [DSA 2550-1] asterisk security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-09/msg00089.html
プレス発表
官民の情報セキュリティコンテンツを集約したポータルサイト「ここからセキュリティ!」を公開
~被害への対処、対策方法など、情報セキュリティの知りたい情報はここから入手可能~
http://www.ipa.go.jp/about/press/20120919.html
シマンテックがセキュリティソフトの新版、マルチOS対応製品も用意
1製品にWindows/Mac/Android用ソフトを同こん、Windows 8にも対応
http://itpro.nikkeibp.co.jp/article/NEWS/20120920/423762/?ST=security
情報セキュリティと国家のセキュリティは不可分、サイバー戦争に日本政府が打つ手は?
http://itpro.nikkeibp.co.jp/article/Watcher/20120918/423301/?ST=security
Javaゼロデイ脆弱性とBlackhole攻撃ツール
http://itpro.nikkeibp.co.jp/article/COLUMN/20120919/423492/?ST=security
ウイルス新時代に備える
[対策編]脆弱性解消と心構えが重要
http://itpro.nikkeibp.co.jp/article/COLUMN/20120912/422365/?ST=security
JVNVU#459446 PayPal Website Payments Standard を使用している osCommerce Online Merchant に検証不備の脆弱性
http://jvn.jp/cert/JVNVU459446/
JVNVU#480095 Internet Explorer に任意のコードが実行される脆弱性
http://jvn.jp/cert/JVNVU480095/
JVNTA12-262A Internet Explorer への攻撃に関する Microsoft Security Advisory (2757760) 公開
http://jvn.jp/cert/JVNTA12-262A/
Script kiddie scavenging with Shellbot.S
http://isc.sans.edu/diary.html?storyid=14116
Volatility: 2.2 is Coming Soon
http://isc.sans.edu/diary.html?storyid=14125
Sophos detecting itself as SHH/Updater-B
http://isc.sans.edu/diary.html?storyid=14131
HP SiteScope Bugs in SiteScope SOAP Feature Let Remote Users Obtain Information and Execute Arbitrary Code
http://www.securitytracker.com/id/1027547
Trend Micro InterScan Messaging Security Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1027544
OpenJPEG Heap Overflow in j2k_read_cox() Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027542
Cisco IOS SSLVPN Denial of Service Vulnerability
http://secunia.com/advisories/50676/
WordPress Answer My Question Plugin "user_name" and "subject" Script Insertion Vulnerabilities
http://secunia.com/advisories/50655/
osCommerce Website Payments Standard Module Merchant Email Address Security Bypass
http://secunia.com/advisories/50640/
WordPress Purity Theme Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/50627/
Cisco Nexus 7000 Series NX-OS ARP Packet Handling Denial of Service
http://secunia.com/advisories/50671/
Cisco Identity Services Engine Cross-Site Request Forgery
http://secunia.com/advisories/50680/
LuxCal Web Calendar Multiple Vulnerabilities
http://secunia.com/advisories/50597/
Ubuntu update for isc-dhcp and dhcp3
http://secunia.com/advisories/49084/
SUSE update for otrs
http://secunia.com/advisories/50615/
SUSE update for chromium
http://secunia.com/advisories/50667/
Red Hat update for java-1.7.0-ibm
http://secunia.com/advisories/50629/
Red Hat update for libxml2
http://secunia.com/advisories/50658/
Novo Knowledge Base Enterprise Edition SQL Injection Vulnerability
http://secunia.com/advisories/50575/
Debian update for asterisk
http://secunia.com/advisories/50687/
Ubuntu update for gnupg and gnupg2
http://secunia.com/advisories/50639/
TorrentTrader Multiple Vulnerabilities
http://secunia.com/advisories/50657/
SUSE update for java-1_5_0-ibm
http://secunia.com/advisories/50585/
Ubuntu update for kernel
http://secunia.com/advisories/50677/
SUSE update for kvm
http://secunia.com/advisories/50689/
SumatraPDF Document Processing Two Vulnerabilities
http://secunia.com/advisories/50656/
Google SketchUp SKP File Processing Vulnerability
http://secunia.com/advisories/50663/
WinTR Unspecified Directory Traversal Vulnerability
http://secunia.com/advisories/50668/
MF Gig Calendar Wordpress Plugin Cross-Site Scripting
http://cxsecurity.com/issue/WLB-2012090190
Microcart 1.0 _Admin Cross-Site Scripting Security Vulnerability
http://cxsecurity.com/issue/WLB-2012090189
SmarterMail Free 9.2 stored XSS
http://cxsecurity.com/issue/WLB-2012090188
FreeSWITCH remote denial of service vulnerability
http://cxsecurity.com/issue/WLB-2012090187
LFSQ CMS Easy Login Vulnerability
http://cxsecurity.com/issue/WLB-2012090186
Symantec Messaging Gateway 9.5.3-3 Arbitrary File Download
http://cxsecurity.com/issue/WLB-2012090185
Symantec Messaging Gateway 9.5.3-3 Unauthorized SSH Access
http://cxsecurity.com/issue/WLB-2012090184
Symantec Messaging Gateway 9.5.3-3 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012090183
Symantec Messaging Gateway 9.5.3-3 Cross Site Request Forgery
http://cxsecurity.com/issue/WLB-2012090182
Symantec Messaging Gateway 9.5.3-3 Disclosure
http://cxsecurity.com/issue/WLB-2012090181
Oracle Hyperion SFC 12.x Remote Heap Overflow poc
http://cxsecurity.com/issue/WLB-2012090180
poweradmin Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012090179
Wordpress Admin name Information Disclosure
http://cxsecurity.com/issue/WLB-2012090178
InforpolNET SQL Injection
http://cxsecurity.com/issue/WLB-2012090177
avcmedia Cms SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012090176
firstlink Cms Cross-Site Scripting Vulnerability
http://cxsecurity.com/issue/WLB-2012090175
Google Chrome Prior to 17.0.963.56 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52031
Google Chrome Prior to 16.0.912.75 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51300
Google Chrome Prior to 15.0.874.102 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/50360
Linux Kernel 'rds_recvmsg()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54702
Linux Kernel SFC Driver CVE-2012-3412 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54763
Korenix Jetport 5600 Series Default Credentials Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/55196
Google Chrome Prior to 17.0.963.65 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52271
Google Chrome Prior to 14.0.835.163 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49658
Apple Safari CVE-2012-0680 Security Bypass Vulnerability
http://www.securityfocus.com/bid/54688
Apple Mac OS X CVE-2011-3457 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/51808
Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49279
libpng 'png_decompress_chunk()' Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/52049
libxml2 Invalid XPath Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/48056
International Components for Unicode '_canonicalize( )' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51006
libTIFF CVE-2012-1173 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/52891
libTIFF ThunderCode Decoder Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/46951
libpng 'png_set_text_2()' Function Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52830
libpng Malformed cHRM Divide-By-Zero Denial of Service Vulnerability
http://www.securityfocus.com/bid/49744
FreeType Versions Prior to 2.4.9 Multiple Remote Vulnerabilities
http://www.securityfocus.com/bid/52318
ICCLIB CVE-2012-4405 Out-of-Bounds Memory Write Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55494
Linux Kernel Key Management CVE-2012-2745 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54365
Linux Kernel 'madvise_remove()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/55151
WebKit SVG Images CVE-2012-3650 Uninitialized Memory Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54703
WebKit Multiple Unspecified Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/55534
WebKit International CVE-2012-3693 Domain Name URI Spoofing Vulnerability
http://www.securityfocus.com/bid/54693
WebKit CVE-2012-3691 Cross Origin Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54687
WebKit WebSockets CVE-2012-3696 HTTP Header Injection Vulnerability
http://www.securityfocus.com/bid/54700
WebKit CVE-2012-3695 Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/54695
Google Chrome Prior to 20.0.1132.43 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54203
Google Chrome Prior to 19.0.1084.52 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53679
WebKit Multiple Unspecified Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/54680
Google Chrome Prior to 17.0.963.83 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52674
Google Chrome Prior to 17.0.963.46 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51911
Google Chrome Prior to 16.0.912.77 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51641
Google Chrome Prior to 18.0.1025.168 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53309
Google Chrome Prior to 18.0.1025.142 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52762
Google Chrome Prior to 16.0.912.63 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51041
Google Chrome Prior to 18.0.1025.151 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/52913
Google Chrome Prior to 19 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53540
Siemens SIMATIC S7-1200 SSL Private Key Reuse Spoofing Vulnerability
http://www.securityfocus.com/bid/55559
Apache QPID NullAuthenticator Authentication Bypass Vulnerability
http://www.securityfocus.com/bid/54954
Mcrypt Stack Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55425
Joomla! Language Switcher ModuleMultiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/54259
Oracle Java SE CVE-2012-1725 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53954
Oracle Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55213
Microsoft Internet Explorer Image Arrays Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55562
Oracle Java Runtime Environment CVE-2012-3136 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55337
Oracle Java SE CVE-2012-1721 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53959
Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952
Oracle Java SE CVE-2012-1719 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53950
Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53946
Oracle Java SE CVE-2012-1716 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53947
Oracle Java SE CVE-2012-1722 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53953
Oracle Java SE CVE-2012-1726 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53948
Oracle GlassFish Server Multiple Cross Site Scripting and HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/53136
Oracle Java Runtime Environment CVE-2012-1682 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55336
Oracle Java SE CVE-2012-0547 Remote Java Runtime Environment Weakness
http://www.securityfocus.com/bid/55339
libxml2 Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52107
libxml2 Unspecified Out-of-Bounds Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51084
Drupal Fonecta Verify Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55614
Drupal Spambot Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55613
Apple iPhone/iPad/iPod touch Prior to iOS 6 Multiple Vulnerabilities
http://www.securityfocus.com/bid/55612
Drupal PRH Search Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55611
Drupal Imagemenu Module Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/55610
Apache Qpid (qpidd) Denial of Service Vulnerability
http://www.securityfocus.com/bid/55608
iFOBS 'regclientmain.jsp' Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55607
Cisco Secure Desktop CVE-2012-4655 Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/55606
Cisco IOS SSLVPN Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/55604
WordPress WP-TopBar Plugin HTML Injection and Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/55603
Cisco Identity Services Engine CVE-2012-3908 Multiple Cross Site Request Forgery Vulnerabilities
http://www.securityfocus.com/bid/55602
WordPress Answer My Question Plugin Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/55601
Cisco Nexus 7000 Series Switches NX-OS CVE-2012-3051 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55600
FreeSWITCH Route Header Value Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/55599
登録:
投稿 (Atom)