Friday, October 19, 2012

Friday the 19th, Senshō


+ CESA-2012:1385 Important CentOS 5 java-1.6.0-openjdk Update
http://lwn.net/Alerts/520373/

+ CESA-2012:1384 Critical CentOS 6 java-1.6.0-openjdk Update
http://lwn.net/Alerts/520374/

+ CESA-2012:1386 Important CentOS 6 java-1.7.0-openjdk Update
http://lwn.net/Alerts/520375/

+ Ubuntu 12.10 released
http://www.ubuntu.com/download/help/install-desktop-latest

+ UPDATE: Cisco IOS Software DHCP Version 6 Server Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-dhcpv6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4623

+ UPDATE: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4655

+ HPSBUX02824 SSRT100970 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, and Other Vulnerabilities
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?javax.portlet.tpst=ba847bafb2a2d782fcbb0710b053ce01&javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalState%3DdocId%25253Demr_na-c03533078%25257CdocLocale%25253Dja_JP&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0574
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3136
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4681

+ PHP 5.4.8 and PHP 5.3.18 released
http://www.php.net/archive/2012.php#id2012-10-18-1
http://www.php.net/ChangeLog-5.php

OpenOffice Graduates from the Apache Incubator
https://blogs.apache.org/OOo/entry/openoffice_graduates_from_the_apache

Multiple Vulnerabilities in Campaign Enterprise <= 11.0.538
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00102.html

CA20121018-01: Security Notice for CA ARCserve Backup
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00101.html

Internet Explorer 9 XSS Filter Bypass
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-10/msg00100.html

JustSystems makes "JUST Internet Security" compatible with Windows 8
http://itpro.nikkeibp.co.jp/article/NEWS/20121019/430981/?ST=security

JVNVU#603276 Cross-site scripting vulnerability in OTRS
http://jvn.jp/cert/JVNVU603276/

Candidate winning entries selected for the "8th IPA Information Security Slogan, Poster, and Four-Panel Comic Contest"; public comments invited
http://www.ipa.go.jp/about/pubcomme/201210/index.html

Registration status of the vulnerability countermeasure information database JVN iPedia
[Q3 2012 (July to September)]
http://www.ipa.go.jp/security/vuln/report/JVNiPedia2012q3.html

Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide
http://isc.sans.edu/diary.html?storyid=14341

Novell ZENworks Asset Management Discloses Arbitrary Files to Remote Users
http://www.securitytracker.com/id/1027682

Unirgy uStoreLocator Magento Extension SQL Injection
http://cxsecurity.com/issue/WLB-2012100154

ModSecurity 2.6.8 multipart/invalid part ruleset bypass
http://cxsecurity.com/issue/WLB-2012100153

jCore 1.0pre Cross Site Scripting & SQL Injection
http://cxsecurity.com/issue/WLB-2012100152

ATutor AContent 1.2 XSS & Authentication & SQL Injection
http://cxsecurity.com/issue/WLB-2012100151

Subrion CMS 2.2.1 XSS / CSRF / SQL Injection
http://cxsecurity.com/issue/WLB-2012100150

Pmsme SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012100149

SanaNet Remote Sql Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012100148

Legrand-003598 / Bticino-F454 SCS Web Gateway Credentials leaks
http://cxsecurity.com/issue/WLB-2012100147

Wordpress Social Discussions Plugin Multiple Vulnerabilities
http://cxsecurity.com/issue/WLB-2012100146

Oracle WebCenter Sites Multiple vulnerabilities
http://cxsecurity.com/issue/WLB-2012100145

Subrion CMS Cross-Site Scripting and SQL Injection vulnerabilities
http://secunia.com/advisories/51013/

AContent Security Bypass and SQL Injection Vulnerabilities
http://secunia.com/advisories/51014/

AContent Cross-Site Scripting and SQL Injection Vulnerabilities
http://secunia.com/advisories/51034/

FFmpeg Multiple Vulnerabilities
http://secunia.com/advisories/50963/

Steam TGA Image Processing Integer Overflow Vulnerability
http://secunia.com/advisories/50979/

OTRS Email Body Script Insertion Vulnerability
http://secunia.com/advisories/51031/

IBM OS/400 Java Multiple Vulnerabilities
http://secunia.com/advisories/51038/

Debian update for libexif
http://secunia.com/advisories/51039/

Drupal OpenID Module DOCTYPE Handling File Disclosure Vulnerability
http://secunia.com/advisories/50955/

BTicino / Legrand Home Gateway Credentials Disclosure Security Issue
http://secunia.com/advisories/51020/

Novell ZENworks Asset Management Hardcoded Credentials Two Security Issues
http://secunia.com/advisories/50967/

radsecproxy Client Certificate Verification Security Issue
http://secunia.com/advisories/50925/

ModSecurity Multipart Message Parsing Security Bypass Vulnerability
http://secunia.com/advisories/49853/

Ubuntu update for python2.4
http://secunia.com/advisories/51040/

Ubuntu update for python2.5
http://secunia.com/advisories/51024/

Red Hat update for java-1.7.0-openjdk
http://secunia.com/advisories/51029/

Red Hat update for java-1.6.0-openjdk
http://secunia.com/advisories/51028/

LOCAL: Oracle Database Authentication Protocol Security Bypass
http://www.exploit-db.com/exploits/22069

QEMU KVM CVE-2012-0029 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/51642

QEMU CVE-2012-2652 Insecure Temporary File Creation Vulnerability
http://www.securityfocus.com/bid/53725

QEMU KVM 'virtio_queue_notify()' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/48499

QEMU PIIX4 Hotplug Use After Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/47927

QEMU KVM Virtio Component 'virtqueue' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/48574

rdesktop Disk Redirection Directory Traversal Vulnerability
http://www.securityfocus.com/bid/47419

W3M NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/40837

MoinMoin 'TextCha' Protection Security Bypass Vulnerability
http://www.securityfocus.com/bid/39327

MoinMoin 'Despam' Action HTML Injection Vulnerability
http://www.securityfocus.com/bid/39110

MoinMoin 'refuri' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/46476

MoinMoin Multiple Unspecified Security Vulnerabilities
http://www.securityfocus.com/bid/38023

MoinMoin 'PageEditor.py' Cross-Site Scripting Vulnerability
http://www.securityfocus.com/bid/40549

Linux Kernel 'rds_recvmsg()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54702

Linux Kernel dl2k Network Driver IOCTL Handling Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53965

Linux Kernel 'mmap()' Failure Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53668

Linux Kernel SFC Driver CVE-2012-3412 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54763

ModSecurity POST Parameters Security Bypass Vulnerability
http://www.securityfocus.com/bid/56096

FreeRADIUS Multiple Stack Based Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/55483

Gitolite CVE-2012-4506 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55853

OpenStack Swift 'loads()' Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/55420

hostapd CVE-2012-4445 Message Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/55826

Oracle Java SE CVE-2012-5068 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56076

Oracle Java SE CVE-2012-5077 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56058

Oracle Java Virtual Machine (JVM) CVE-2012-4416 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55501

Oracle Java SE CVE-2012-5075 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56081

Oracle Java SE CVE-2012-5079 Remote Security Bypass Vulnerability
http://www.securityfocus.com/bid/56082

Oracle Java SE CVE-2012-5081 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56071

Oracle Java SE CVE-2012-3216 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56075

Oracle Java SE CVE-2012-5073 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56080

Oracle Java SE CVE-2012-5086 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56039

Oracle Java SE CVE-2012-5069 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56065

Oracle Java SE CVE-2012-5089 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56059

Oracle Java SE CVE-2012-5084 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56063

Oracle Java SE CVE-2012-5072 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56083

Mozilla Firefox/SeaMonkey/Thunderbird NSS Parsing Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/53798

Oracle Java SE CVE-2012-0502 Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/52011

Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52017

Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52014

Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52018

Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53946

Oracle Java SE CVE-2011-3563 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52012

Oracle Java SE CVE-2012-1717 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53952

Oracle Java SE CVE-2012-0499 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/52016

Oracle Java SE CVE-2012-1719 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53950

Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/53951

Oracle Java SE CVE-2012-5087 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56043

Oracle Java SE CVE-2012-5088 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56057

Oracle Java SE CVE-2012-5076 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56054

Oracle Java SE CVE-2012-5070 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56079

Oracle Java SE CVE-2012-5074 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/56056

Oracle Database Authentication Protocol CVE-2012-3137 Security Bypass Vulnerability
http://www.securityfocus.com/bid/55651

Ruby CVE-2012-4522 Local File Creation Vulnerability
http://www.securityfocus.com/bid/56115

Mcrypt Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56114

Real Networks RealPlayer Write Access Violation Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/56113

Steam 'vgui2_s.dll' Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56111

Amateur Photographer's Image Gallery Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56110

BSW Gallery 'uploadpic.php' Arbitrary File Upload Vulnerability
http://www.securityfocus.com/bid/56109

radsecproxy Client Certificate Verification Security Bypass Vulnerability
http://www.securityfocus.com/bid/56105
