Monday, November 12, 2012

Monday the 12th, Senshō












+ PHP 5.4.8 and PHP 5.3.18 x64 (64 bit) for Windows released
http://www.anindya.com/php-5-4-8-and-php-5-3-18-x64-64-bit-for-windows/

+ CESA-2012:1434 Critical CentOS 6 icedtea-web Update
http://lwn.net/Alerts/523849/

+ UPDATE: Cisco Ironport Appliances Sophos Anti-Virus Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121108-sophos

+ Security Advisory - CAB file issue in older versions of Symantec's Decomposer (decompression engine)
http://www.symantec.com/ja/jp/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20121107_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4953

+ VMSA-2012-0015 VMware Hosted Products and OVF Tool address security issues
http://www.vmware.com/security/advisories/VMSA-2012-0015.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5469

Check Point response to PASTEBIN claim that Check Point Firewalls are vulnerable to simple SYN flooding
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk86721&src=securityAlerts

Virus Buster Cloud program update notice
http://www.trendmicro.co.jp/support/news.asp?id=1862

Advisory: Tavis Ormandy finds vulnerabilities in Sophos Anti-Virus products
http://www.sophos.com/en-us/support/knowledgebase/118424.aspx

Pinterest to offer private boards on a trial basis
http://itpro.nikkeibp.co.jp/article/NEWS/20121109/436221/?ST=security

Twitter apologizes for mass password reset, calling it a "mistake"
http://itpro.nikkeibp.co.jp/article/NEWS/20121109/436161/?ST=security

Cisco Security Advisory: Cisco Ironport Appliances Sophos Anti-virus Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00038.html

[ MDVSA-2012:171 ] icedtea-web
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-11/msg00039.html

JVNDB-2012-004379 Denial-of-service (daemon crash) vulnerability in ISC DHCP
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004379.html

JVNDB-2012-002450 Denial-of-service (I/O instability) vulnerability in the block device I/O implementation of the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002450.html

JVNDB-2012-002747 Vulnerability in Security processing in the Java Runtime Environment (JRE) of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002747.html

JVNDB-2012-004459 Privilege escalation vulnerability in libgio
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004459.html

JVNDB-2012-004936 Same-origin policy bypass vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004936.html

JVNDB-2012-004963 Vulnerability in Concurrency processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004963.html

JVNDB-2012-004960 Vulnerability in Hotspot processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004960.html

JVNDB-2012-004959 Vulnerability in library processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004959.html

JVNDB-2012-004957 Vulnerability in JMX processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004957.html

JVNDB-2012-004954 Vulnerability in 2D processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004954.html

JVNDB-2012-004671 Arbitrary file modification vulnerability in devscripts as used in rpmdevtools
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004671.html

JVNDB-2012-004670 Arbitrary command execution vulnerability in scripts/dget.pl in devscripts
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004670.html

JVNDB-2012-004669 Arbitrary file deletion vulnerability in scripts/dget.pl in devscripts
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004669.html

JVNDB-2012-004668 Arbitrary command execution vulnerability in scripts/dscverify.pl in devscripts
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004668.html

JVNDB-2012-004961 Vulnerability in Deployment processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004661.html

JVNDB-2012-004982 Vulnerability in library processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004982.html

JVNDB-2012-004981 Vulnerability in Beans processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004981.html

JVNDB-2012-004970 Vulnerability in JAX-WS processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004970.html

JVNDB-2012-004968 Vulnerability in JAX-WS processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004968.html

JVNDB-2012-004964 Vulnerability in JMX processing in the Java Runtime Environment of Oracle Java SE
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004964.html

JVNDB-2012-005295 Security restriction bypass vulnerability in IBM TFIM and TFIMBG
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005295.html

JVNDB-2012-005294 Authentication bypass vulnerability in Cisco Secure Access Control System
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005294.html

JVNDB-2012-005293 Sensitive information disclosure vulnerability in HP Performance Insight
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005293.html

JVNDB-2012-005292 Sensitive information disclosure vulnerability in HP Performance Insight
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005292.html

JVNDB-2012-005291 (JVNVU#662243) Multiple vulnerabilities in Sophos Antivirus
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005291.html

JVNDB-2012-004935 Same-origin policy bypass vulnerability in multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004935.html

JVNDB-2012-004934 Denial-of-service (DoS) vulnerability in the WebSocket implementation of multiple Mozilla products
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004934.html

JVNDB-2012-004724 Sensitive information disclosure vulnerability in net/rds/recv.c in the Linux Kernel
http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004724.html

Remote Diagnostics with PSR
http://isc.sans.edu/diary.html?storyid=14485

Fresh batch of Microsoft patches next week
http://isc.sans.edu/diary.html?storyid=14488

IcedTea OpenJDK6 Remote Security Vulnerability
http://www.securiteam.com/securitynews/6O02V2A61A.html

VU#795644 esri ArcGIS web server 10.1 contains a blind SQL injection vulnerability
http://www.kb.cert.org/vuls/id/795644

VU#659615 Oberthur smart cards generate weak certificates
http://www.kb.cert.org/vuls/id/659615

TYPO3 Bugs Permit Cross-Site Scripting, SQL Injection, and Information Disclosure Attacks
http://www.securitytracker.com/id/1027745

Joomla! Unspecified Flaw Lets Remote Users Conduct Clickjacking Attacks
http://www.securitytracker.com/id/1027744

VMware Workstation and Player Bugs Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027742

Ubuntu update for apache2
http://secunia.com/advisories/51225/

Intramaps Multiple Vulnerabilities
http://secunia.com/advisories/51132/

IBM WebSphere MQ Queue Manager Large Messages Denial of Service Vulnerability
http://secunia.com/advisories/51216/

Joomla! "Clickjacking" Security Bypass Vulnerability
http://secunia.com/advisories/51187/

TYPO3 Multiple Vulnerabilities
http://secunia.com/advisories/51217/

Pattern Insight Code Assurance Cross-Site Scripting and Request Forgery Vulnerabilities
http://secunia.com/advisories/51203/

VMware Workstation / Player Multiple Vulnerabilities
http://secunia.com/advisories/51237/

VMware OVF Tool OVF File Parsing Format String Vulnerability
http://secunia.com/advisories/51240/

Cisco IronPort Web / Email Security Appliance Sophos Anti-Virus Multiple Vulnerabilities
http://secunia.com/advisories/51197/

IrfanView TIFF Image Decompression Buffer Overflow Vulnerability
http://secunia.com/advisories/49856/

Ubuntu update for glance
http://secunia.com/advisories/51234/

DoS/PoC: Microsoft Office Excel 2007 WriteAV Crash PoC
http://www.exploit-db.com/exploits/22591

IrfanView FlashPix PlugIn Double-Free Vulnerability
http://cxsecurity.com/issue/WLB-2012100240

TTY TIOCSTI ioctl allows unprivileged program running
http://cxsecurity.com/issue/WLB-2012110063

TP-LINK TL-WR841N Local File Inclusion
http://cxsecurity.com/issue/WLB-2012100254

WordPress Eco-Annu SQL Injection
http://cxsecurity.com/issue/WLB-2012110062

WordPress Calendar-Script Blind SQL Injection
http://cxsecurity.com/issue/WLB-2012110061

Innovar Web CMS Local File Inclusion Vulnerability
http://cxsecurity.com/issue/WLB-2012110060

netOffice Dwins <= 1.4p3 SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012110059

WordPress swfupload XSS vulnerability
http://cxsecurity.com/issue/WLB-2012110058

Wordpress theme kakao SQL Injection
http://cxsecurity.com/issue/WLB-2012110058

DISQUS mpacms/dc/article.php SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2012110056

Wordpress theme wilderness SQL Injection
http://cxsecurity.com/issue/WLB-2012110055

AWCM 2.2 Access Bypass
http://cxsecurity.com/issue/WLB-2012110054

Zoner Photo Studio 15 Buffer Overflow
http://cxsecurity.com/issue/WLB-2012110053

RETIRED: MantisBT SOAP API CVE-2012-2691 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56467

MantisBT SOAP API Security Bypass Vulnerability
http://www.securityfocus.com/bid/53907

MantisBT Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/52313

Xen PV Domain Builder Kernel Decompression Local Denial Of Service Vulnerability
http://www.securityfocus.com/bid/56289

OpenStack Glance CVE-2012-4573 Arbitrary File Deletion Vulnerability
http://www.securityfocus.com/bid/56437

Sophos Antivirus Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56401

LibTIFF Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/47338

IcedTea-Web CVE-2012-4540 Heap Based Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56434

Debian 'ssmtp' Package TLS Certificate Security Bypass Vulnerability
http://www.securityfocus.com/bid/55875

OptiPNG Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55566

Debian 'openvswitch-pki' Package Multiple Insecure File Permissions Vulnerabilities
http://www.securityfocus.com/bid/54789

RETIRED: Open vSwitch CVE-2012-3449 Insecure Directory Permissions Vulnerability
http://www.securityfocus.com/bid/54794

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4195 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56302

Mozilla Firefox/Thunderbird CVE-2012-3974 Local Code Execution Vulnerability
http://www.securityfocus.com/bid/55312

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4196 Cross-Origin Security Bypass Vulnerability
http://www.securityfocus.com/bid/56306

Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4194 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56301

Mcrypt Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56114

Multiple Symantec Products CAB Files Handling Memory Corruption Vulnerability
http://www.securityfocus.com/bid/56399

Claws Mail 'strchr()' Function NULL Pointer Denial of Service Vulnerability
http://www.securityfocus.com/bid/55837

PgBouncer 'add_database()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/56371

Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56285

IBM WebSphere Application Server CVE-2012-3330 Denial Of Service Vulnerability
http://www.securityfocus.com/bid/56459

IBM WebSphere Application Server CVE-2012-4853 Cross-Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/56458

Linux Kernel 'uname()' System Call Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55855

Linux Kernel 'tcp_illinois_info()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56346

Linux Kernel 'ext4_convert_unwritten_exten()' Function Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/56238

Request Tracker (RT) Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56290

Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
http://www.securityfocus.com/bid/55131

TLS Protocol CVE-2012-4929 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55704

Linux Kernel Hugepages CVE-2012-2133 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/53233

Linux Kernel 'madvise_remove()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/55151

Linux Kernel UDF Filesystem Local Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/54279

ESRI ArcGIS for Server 'where' Form Field SQL Injection Vulnerability
http://www.securityfocus.com/bid/56474

Intramaps Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56473

VMware Player and Workstation Insecure Library Loading Arbitrary Code Execution Vulnerability
http://www.securityfocus.com/bid/56470

VMware Player and Workstation CVE-2012-5458 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/56469

VMware OVF Tool OVF File CVE-2012-3569 Format String Vulnerability
http://www.securityfocus.com/bid/56468

catdoc 'src/xlsparse.c' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56466

Zoner Photo Studio Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/56461

Joomla! CVE-2012-5827 Clickjacking Security Bypass Vulnerability
http://www.securityfocus.com/bid/56397
